
Cisco 2600


Scully87 (IS-IT--Management), Dec 3, 2002
I've inherited a Cisco 2600 as an external router. While I'm familiar with firewalling extensively using iptables and Linux, I'm wondering about a couple of things I've read in some documents.

First, my setup is as follows (if you need more, let me know):
T1 line into 2600 from ISP.
Line from 2600 into a switch.

1) If I'm writing an ACL for IP-based traffic to block certain ports and protocols coming in from the Internet, where do I apply them?
The T1 line interface Serial 0/0 or Ethernet 0/0?

2) If I'm blocking the external traffic coming in, do I apply it to the interface "in" or "out"? How exactly does that work? The reason I ask is I had a Cisco tech set a rule up due to ICMP flooding coming in, and he put the rule on Ethernet 0/0 out.

3) If "out" is correct, what would you use "in" for? For traffic going from my network to the Internet?

4) In what situation would you put rules on the line interface, in my case Serial 0/0? (I think)

Thanks for your help,
Cheers,
Scully
 
Hi Scully,

To block traffic or ports coming in from the Internet, apply your extended access list on the T1 interface s0/0 and apply it in. Look at it from the router's perspective. If you want to filter incoming traffic, then use in for incoming. The ACL is applied at the interface level. The command is ip access-group XXXXXXX in (X stands for the number or named access list). I'd recommend named ACLs; you can assign a line number to each entry. This makes it possible to remove lines on the fly without disabling the ACL. And if you leave room between lines (10 or 20) it will let you add lines as needed. Definitely block the ports for the worm viruses. You can set an ACL on the telnet lines also, instead of restricting it on the T1 interface. Unless you have an IPSEC IOS, the length of your ACLs is critical to the performance of the router. With just a T1 in and the 2600 router, you can do a lot before maxing the CPU.

Hope this helps
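The placement the reply describes, written out as an added IOS configuration example (this is not configuration from either poster). It assumes an IOS release that supports sequence numbers in named ACLs, uses constructed addresses (the 203.0.113.0/24 and 192.168.1.0/24 ranges are documentation/private placeholders), and the denied ports are illustrative choices, not a list the thread gives:

```cisco
! Added example, not from the thread. Named extended ACL, applied INBOUND on the
! T1 interface so packets arriving from the ISP are checked before the router
! routes them (and before they can reach the router itself).
ip access-list extended FROM-INTERNET
 remark Sequence numbers spaced by 10 so entries can be added or removed later
 10 deny   tcp any any eq 135
 20 deny   tcp any any range 137 139
 30 deny   tcp any any eq 445
 40 permit icmp any any echo-reply
 50 permit tcp any 203.0.113.0 0.0.0.255 eq 80
 60 permit tcp any 203.0.113.0 0.0.0.255 eq 25
 70 permit tcp any 203.0.113.0 0.0.0.255 established
 80 deny   ip any any log
!
interface Serial0/0
 description T1 to ISP (placeholder)
 ip access-group FROM-INTERNET in
!
! Later edits: remove one entry and insert another between existing numbers
! without removing the access-group binding from Serial0/0.
ip access-list extended FROM-INTERNET
 no 60
 45 deny udp any any eq 1434
!
! Restrict telnet to the router itself on the vty lines (a standard, numbered
! ACL here so it also works on older IOS). Constructed management subnet.
access-list 10 permit 192.168.1.0 0.0.0.255
line vty 0 4
 access-class 10 in
```

Read "in" and "out" from the router's point of view: "in" on Serial0/0 evaluates packets as they arrive from the T1, "out" on Ethernet0/0 would evaluate the same packets only as they leave toward the switch, after the router has already routed them, and it would not cover traffic addressed to the router itself. The final `deny ip any any log` is the implicit deny made explicit so that dropped packets show up in the log for monitoring.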
 