Scenario:
As the network engineer for your company, you are responsible for all network-related tasks. One day your security officer comes to you and asks if you can further enhance the network security. He wants you to implement an IOS Firewall feature to protect incoming traffic.
Goal:
- All IP addresses have been configured for you.
- Router Mainframe is configured as a webserver, telnet is enabled as well.
- You are not allowed to remove the access-list on the F1/0 interface of router FW.
- Traffic originating from Mainframe is not allowed to reach router Host.
- Router Host should be able to telnet into router Mainframe.
IOS:
c3640-jk9o3s-mz.124-16.bin
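A minimal CBAC sketch for router FW that satisfies the goals above, added here as an illustration; it is not the lab's solution file or the author's configuration. The interface roles, the ACL number and contents, and the inspection rule name `LAB` are assumptions, since the page does not show them.

```cisco
! Added example. Assumptions (not from the lab page):
!   FastEthernet0/0 on FW faces router Host
!   FastEthernet1/0 on FW faces router Mainframe
!   the existing ACL on F1/0 looks like the lines below and is applied inbound
!
! Assumed existing configuration, left untouched as the goals require:
!   access-list 100 deny ip any any
!   interface FastEthernet1/0
!    ip access-group 100 in
!
! Inspection rule: track TCP sessions (telnet and HTTP both run over TCP).
ip inspect name LAB tcp
!
! Inspect sessions as they enter FW from the Host side. For each session that
! Host opens, CBAC adds a temporary permit entry to the inbound ACL on F1/0,
! so only the return traffic of that session is let through.
interface FastEthernet0/0
 ip inspect LAB in
!
! Verification, run on FW while Host has a telnet session open to Mainframe:
!   show ip inspect sessions    <- the tracked telnet session should be listed
!   show ip access-lists        <- shows the ACL while the session is tracked
!
! Traffic that Mainframe originates matches no inspected session, so it still
! hits the deny in the ACL on F1/0 and never reaches Host.
```

Applying the rule as `ip inspect LAB out` on the Mainframe-facing interface instead would track the same sessions; either way the ACL on F1/0 stays in place and CBAC only opens it for return traffic.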
Written by René Molenaar - CCIE #41726
Hi Rene, great work! Can you please post the final configs for this lab? Thanks.
Hey there,
I will once I get home from holiday in about 3 weeks.
For now, check out this document:
http://www.ciscopress.com/articles/article.asp?p=26533&seqNum=5
In a single page it explains how CBAC works and how to configure it. I think this will help you to get through the lab.
C'mon, this was too easy 😛 Let's raise it up a notch to CCIE level 😉
Dear Rene
I have done it the same as you showed in the video but did not get any inspection session, and even telnet is not allowed.
Did you compare your config to mine to spot the differences?
I attempted to do this with the IOS mentioned above, but the “ip inspect” command doesn’t come up. I keep getting an % Unknown command error.
Try with 3725 IOS.
Hi, and thanks for this.
I just joined the vault (I am also new to security) and am looking for a way to recognize if an IOS image supports CBAC (in GNS3).
Thank you in advance.