Section 6.0: IOS Firewall Configuration

6.1. IOS Firewall

  1. Configure R5 and R6 as firewalls using ACLs.

  2. Use the established keyword to permit return TCP traffic from LAN to Frame Relay.

  3. The established keyword is used for the TCP protocol only and indicates an established connection. A match occurs if the TCP datagram has the ACK or RST bits set. The nonmatching case is the initial TCP datagram, which has the SYN bit set to form a connection.

  4. Telnet from any router behind R5/R6 should be successful, but Telnet from R7/R8 to any routers behind R5/R6 will not be successful. See Example 4-32.

    Example 4-32. ACL on R6 Ingress on Frame Relay Link
    !After applying ACL on R5/R6 Frame Relay Link as shown below, telnet not
    !successful from R7 to R3, but successful from ...
