Cisco Zone-Based Policy Firewall

  • Cisco Zone-Based Policy Firewall

    Hello

    I have a Cisco router 877 with IOS 12.4.

    In a router with an older IOS I made firewall rules with access-lists:
    ----------------------
    access-list 1 remark SDM_ACL Category=16
    access-list 1 permit 192.0.0.0 0.255.255.255
    access-list 100 remark SDM_ACL Category=17
    access-list 100 permit ip 10.0.0.0 0.255.255.255 any
    access-list 101 remark SDM_ACL Category=1
    access-list 101 deny ip host 255.255.255.255 any
    access-list 101 deny ip 127.0.0.0 0.255.255.255 any
    access-list 101 remark SMTP SBS
    access-list 101 permit tcp host 10.0.0.3 any eq smtp
    access-list 101 remark Deny Local Smtp Outgoing
    access-list 101 deny tcp 10.0.0.0 0.0.0.255 any eq smtp
    access-list 101 permit ip any any
    access-list 101 permit tcp any any
    access-list 101 permit udp any any
    access-list 103 remark SDM_ACL Category=4
    access-list 103 remark IPSec Rule
    access-list 103 permit ip 10.0.0.0 0.0.0.255 192.168.82.0 0.0.0.255
    access-list 104 remark SDM_ACL Category=2
    access-list 104 remark IPSec Rule
    access-list 104 deny ip 10.0.0.0 0.0.0.255 192.168.82.0 0.0.0.255
    access-list 104 permit ip 10.0.0.0 0.0.0.255 any
    access-list 105 remark auto generated by SDM firewall configuration
    access-list 105 remark SDM_ACL Category=1
    access-list 105 permit udp host 213.144.235.2 eq domain any
    access-list 105 permit udp host 213.144.235.1 eq domain any
    access-list 105 remark Allow GRE to SBS
    access-list 105 permit gre any any
    access-list 105 remark Permit port 444 to SBS
    access-list 105 permit tcp any any eq 444
    access-list 105 remark Permit port 443 to SBS
    access-list 105 permit tcp any any eq 443
    access-list 105 permit tcp any any eq 1723
    access-list 105 permit tcp any any eq smtp
    access-list 105 permit ahp host x.x.x.x any
    access-list 105 permit esp host x.x.x.x any
    access-list 105 permit udp host x.x.x.x any eq isakmp
    access-list 105 permit udp host x.x.x.x any eq non500-isakmp
    access-list 105 remark IPSec Rule
    access-list 105 permit ip 192.168.82.0 0.0.0.255 10.0.0.0 0.0.0.255
    access-list 105 deny ip 10.0.0.0 0.0.0.255 any
    access-list 105 permit icmp any any echo-reply
    access-list 105 permit icmp any any time-exceeded
    access-list 105 permit icmp any any unreachable
    access-list 105 deny ip 10.0.0.0 0.255.255.255 any
    access-list 105 deny ip 172.16.0.0 0.15.255.255 any
    access-list 105 deny ip 192.168.0.0 0.0.255.255 any
    access-list 105 deny ip 127.0.0.0 0.255.255.255 any
    access-list 105 deny ip host 255.255.255.255 any
    access-list 105 deny ip host 0.0.0.0 any
    access-list 105 deny ip any any log
    dialer-list 1 protocol ip permit
    ----------------------
    But with the new Cisco 877 I cannot load this config in; I must use zone maps. Does someone have a config as above with zone-based firewall rules, or something else I can use?

  • #2
    Re: Cisco Zone-Based Policy Firewall

    If you mean to say that you are not able to put an ACL in that new router, then the solution for that is to check the IOS version.

    If you don't mean this, then please explain elaborately.

    Cheers
    DT
