NettableWalker
IS-IT--Management
Hi Everyone,
I'm all confused with my firewall setup on my 837.
Which interface does the inspect rule go on? And is it in or out?
I've got it going both ways on the Dialer1 at the moment but have a suspicion that this is not good.
Here's my relevant config bits:
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 smtp
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 http
ip inspect name DEFAULT100 ipsec-msft
interface Ethernet0
 description Connected to Local Network
 ip address xxxxxxx 255.255.0.0
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 hold-queue 100 out
!
!
interface ATM0
 no ip address
 no ip mroute-cache
 atm vc-per-vp 64
 no atm auto-configuration
 no atm ilmi-keepalive
 no atm address-registration
 no atm ilmi-enable
 dsl operating-mode auto
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
interface Dialer1
 ip address negotiated
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect DEFAULT100 in
 ip inspect DEFAULT100 out
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap chap callin
 ppp chap hostname xxxxx
 ppp chap password xxxxxx
 ppp pap sent-username xxxx password xxxxxxx
 ppp ipcp dns request
 ppp ipcp wins request
 crypto map xxxxx
 hold-queue 224 in
Is this a super-tight safe network or a wide open doorway?
Is it really necessary to have all those inspect rules, or could I just have TCP, UDP and ICMP and leave it at that?
Thanks for all your help.
Cheers