1721 config to block outside Windows logons

[jlancton]

I have a 1721 with the T1 card. It connects out network to the Internet. Lately we seem to be getting lots of authentication requests on the W2K server from outside of our domain.

What changes to the router config can I make to block these attempts? I've got 12.2(3)T with the firewall and ID feature sets, but I have no real idea how to configure them for best security.

Any help would be greatly appreciated.

Thank you,

-Jeff

 

[pmesjar]

What access you want to provide to outside hosts? Do you have any servers that you want to be publicly available? Also what Internet-access restrictions you want to put on your users?

This is just a few basic questions you need to ask yourself before you can apply any firewall rules to your router. I also strongly suggest that you develop the proper security policy about who can do what and so on.

Good document on Cisco router security can be downloaded from:

http://www.nsa.gov/snac/downloads_cisco.cfm

Covers basics as well as some more advanced stuff (VPN...)

Peter Mesjar
CCNP, A+ certified
pmesjar@centrum.sk

"The only true wisdom is in knowing you know nothing.