Section 6.0: IOS Firewall Configuration

6.1. Context-Based Access Control (CBAC)

  1. Configure IOS Firewall—CBAC on R5 to protect VLAN6.

  2. Configure inspection to monitor all TCP and UDP traffic.

  3. Configure ACL on R6 such that the R7 ATM network can Telnet, ping, and FTP to all networks beyond R5 and should not be able to initiate any traffic to the Frame Relay network.

  4. Additionally, any device in the VLAN2 network should not be able to ping the R7 ATM link, but R7 should be able to ping R3. See ACL 101 configured on R5 in the example following item 6.

  5. Tune default firewall parameters for the number of existing half-open sessions that will cause the firewall to start deleting half-open sessions at 1500 and to stop deleting at 1200 sessions, as demonstrated ...
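The settings named in items 1, 2, and 5, as an added IOS configuration example rather than the book's own solution. The rule name FW-VLAN6, the interface placeholder, and the inspection direction are assumptions, because the lab topology and addressing are not shown here.

```cisco
! Added example, not the book's solution. FW-VLAN6 is a hypothetical rule name.
!
! Items 1 and 2: generic TCP and UDP inspection in one CBAC rule on R5.
ip inspect name FW-VLAN6 tcp
ip inspect name FW-VLAN6 udp
!
! Item 5: global half-open session thresholds.
! Deletion of half-open sessions starts at 1500 and stops at 1200.
ip inspect max-incomplete high 1500
ip inspect max-incomplete low 1200
!
! Assumption: <VLAN6-INTERFACE> stands for R5's VLAN6-facing interface.
! Inspecting inbound here tracks sessions that hosts in VLAN6 initiate.
interface <VLAN6-INTERFACE>
 ip inspect FW-VLAN6 in
!
! CBAC only opens temporary return entries in an ACL applied on the
! untrusted side. That ACL (items 3 and 4) depends on addressing that
! is not shown on this page, so it is not reproduced here.
!
! Verify from exec mode:
!   show ip inspect config      (rule contents and max-incomplete values)
!   show ip inspect sessions    (sessions currently being tracked)
```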
