In addition to its primary role of routing, a router can provide security to the perimeter of the network. And depending on how you deploy it, a router can provide security to an intranet between different departments, or to an extranet between partners.

Routers provide several security services, which are commonly known as the IOS firewall feature set. The most important component of the IOS Firewall feature set is the Advanced Firewall Engine called Context-Based Access Control (CBAC), which turns a router into an effective enterprise-class firewall (FW). So, the primary focus of this chapter is CBAC, and how it interoperates with other security features such as auth-proxy, Network Address Translation ...