RE: Cisco 2611 as a firewall?

[Scott Stone <SStone@example.com>]

hmm well, by default a 2611 can do filtering, but is not a stateful
firewall.  You can get the IOS-firewall feature set (if you have a Cisco TAC
account), which makes it stateful, but still not as good as also putting in
a PIX firewall or some other type of solution (ie, iptables perhaps?  The
PIX is better[1], but linux2.4+iptables is certainly cheaper...)

[1] think accountability/supportability.  Cisco's support is great.

-----------------------------------------------------
Scott M. Stone <sstone@example.com>
Senior Technical Consultant - UNIX and Networking
Taos, the Sysadmin Company - Santa Clara, CA


-----Original Message-----
From: sven@example.com [mailto:sven@example.com]
Sent: Wednesday, May 16, 2001 7:07 AM
To: tlug@example.com
Subject: Cisco 2611 as a firewall?


A friend of mine who's running an ISP wants me to come over
and configure his Cisco 2611 router he just got as the primary
link to his backbone.

For security I'm going to block basically all incoming port beside the
he needs for the services he running locally. These are DNS, POP3,
SMTP(not sure we wants to allow), Web, and SSH. Outgoing port wouldn't
have to be blocked I believe.

I also have to worry about having it connected to the backbone,
which is done via a nailed T1 WAN link.

I have little to no experience with Cisco routers, so where do I start,
how can I accomplish all this and what do I have to be careful about?

SVEN


-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
reply to: =svenATsvensimonDOTcom=

-----------------------------------------------------------------------
Next Technical Meeting:  Sat, May 12 13:30- 
Next Nomikai Meeting:    Fri, June (TBA) 19:30- Tengu Tokyo Eki Mae
-----------------------------------------------------------------------
more info: http://www.tlug.gr.jp           Sponsor: Global Online Japan