Skip to main content

Securing a Cisco Network

By

Securing a Cisco Network

Security is always a concern, and your Cisco network needs to be properly secured. In the following sections, you see how to secure your Cisco network by configuring NAT, by configuring an ACL, and by applying that ACL.

Securing your Cisco network by configuring NAT

The following commands are used to configure NAT overload services on a router called Router1. In this example, a list of source address is created in access list #1, which is then used as the inside source list. The FastEthernet 0/0 port is the overloaded public address port that all inside addresses get translated to.
Router1>enable
Router1#configure terminal
Router1(config)#access-list 1 permit 10.0.0.0 0.255.255.255
Router1(config)#ip nat inside source list 1 interface FastEthernet 0/0 overload
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ip nat outside
Router1(config-if)#interface FastEthernet0/1
Router1(config-if)#ip nat inside

Securing your Cisco network by configuring an access control list (ACL)

ACLs are used to control traffic flow. They can be used allow or deny the flow of traffic. The two main types of ACLs are:
  • Standard ACLs, which have fewer options for classifying data and controlling traffic flow than Extended ACLs. They are only able to manage traffic based on the source IP address. These ACLs are numbered from 1–99 and from 1300–1999.
  • Extended ACLs, which offer the ability to filter or control traffic based on a variety of criteria such as source or destination IP addresses, as well as protocol type such as, ICMP, TCP, UDP, or IP. These ACLs are numbered from 100–199 and from 2000–2699.
To create a standard ACL, you can use the following example which will create an ACL that allows traffic for the 192.168.8.0/24 network.
Switch1>enable
Switch1#configure terminal
Switch1(config)#access-list 50 permit 192.168.8.0 0.0.0.255
To create an extended ACL you can use the following example which will create an ACL that allows traffic with addresses in the 192.168.8.0/24 network and tcp ports of either 80 (http) or 443 (https):
Router1>enable
Router1#configure terminal
Router1(config)#access-list 101 remark This ACL is to control the outbound router traffic.
Router1(config)#access-list 101 permit tcp 192.168.8.0 0.0.0.255 any eq 80
Router1(config)#access-list 101 permit tcp 192.168.8.0 0.0.0.255 any eq 443

Securing your Cisco network by applying an access control list

After you have created an Access Control List (ACL), such as ACL 101 created above, you can apply that ACL to an interface. In the following example, this ACL is placed to restrict outbound traffic on FastEthernet0/1.
Router1>enable
Router1#configure terminal
Router1(config)#interface FastEthernet0/1
Router1(config-if)#ip access-group 101 out
Labels:

Comments

Post a Comment

Popular posts from this blog

How to enable SSH login access to a Cisco router

By
This guide walks you through how to setup SSH on a Cisco Router. SSH is by far more secure then telnet. Telnet allows your passwords to be sent in plain text that anyone can see and gain access to your network. SSH is all encrypted traffic. NOTE: This should work with any Cisco router provided the Cisco IOS on the router supports ssh. Firstly is ssh enabled? router#sh ip ssh SSH Disabled - version 2.0 %Please create RSA keys to enable SSH. Authentication timeout: 60 secs; Authentication retries: 5 In this case its not, if you got a error saying that sh ip ssh is not recognized then you would know that ssh is not supported or possibly that the command is different for your platform. How to enable SSH on a Cisco 800 series router# config term router(config)#crypto key generate rsa usage-keys label router-key The name for the keys will be: router-key Choose the size of the key modulus in the range of 360 to 2048 for your
1 comment
Read more

INSTALL DOT NET FRAMEWORK ON MULTIPLE SERVERS USING POWERSHELL SCRIPT

By
Installing .Net 4.5.2 $servers = Array of Servers foreach($server in $servers) { Write-Host “Copying the installation file” copy-item  –path “-SOURCE” –destination “ destination ” Write-Host “Installing .NET 4.5.2” Invoke-Command –Computername $server –Credentials xxxx { C:\Temp\ NET 4.5.2  /passive /norestart }
2 comments
Read more

Connection failed: enforce firewall policy failed (on win 7 / 64bit)

By
Connection failed: enforce firewall policy failed (on win 7 / 64bit)  error: connection failed: enforce firewall policy failed client: Check point endpoint security r75 build 835002205 on win 7 / 64 bit The solution is to find driver file vsdatant.sys and copy it to system32/drivers Ref :- https://forums.checkpoint.com/forums/thread.jspa?messageID=46927 
1 comment
Read more