General overview of Context-Based Access Control (CBAC).

On Cisco IOS you can enable a stateful firewall and choose which protocols it should inspect. There are many general settings, such as audit and logging, and some settings specific to each named inspection. Each named inspection has to be applied to an interface in the proper direction (in/out).

ip inspect name CBAC ftp timeout 30

ip inspect name CBAC tcp

int gig0/0

ip inspect CBAC out

Unlike ZBFW, CBAC has no implicit deny for non-inspected protocols after the inspection, so to protect your network you have to add an access list with a deny statement:

ip access-list extended OUT

deny ip any any


int gig0/0

ip access-group OUT in 
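One way to check a saved running-config for the gap described above (an added example, not part of the original post): the script flags every interface that has `ip inspect <name> out` but no inbound ACL ending in `deny ip any any`. It assumes unabbreviated running-config syntax; the function names and the sample config, including the ACL name EDGE, are constructed for illustration.

```python
import re

# Constructed sample config; the ACL name EDGE is made up for this example.
SAMPLE_CONFIG = """\
ip access-list extended OUT
 deny ip any any
!
interface GigabitEthernet0/0
 ip inspect CBAC out
 ip access-group OUT in
interface GigabitEthernet0/1
 ip inspect CBAC out
interface GigabitEthernet0/2
 ip inspect CBAC out
 ip access-group EDGE in
"""

def parse_sections(config):
    """Group indented sub-commands under their top-level parent line."""
    sections, parent = {}, None
    for line in config.splitlines():
        if line.strip() in ("", "!"):
            continue
        if line[0].isspace() and parent is not None:
            sections[parent].append(line.strip())
        elif not line[0].isspace():
            parent = line.strip()
            sections.setdefault(parent, [])
    return sections

def audit_cbac(config):
    """Map each interface with 'ip inspect <name> out' to its inbound-ACL gap."""
    sections = parse_sections(config)
    acls = {p.split()[-1]: body for p, body in sections.items()
            if p.startswith("ip access-list extended ")}
    findings = {}
    for parent, body in sections.items():
        inspects = any(re.fullmatch(r"ip inspect \S+ out", c) for c in body)
        if not (parent.startswith("interface ") and inspects):
            continue
        name = parent.split(None, 1)[1]
        bound = [c.split()[2] for c in body if re.fullmatch(r"ip access-group \S+ in", c)]
        if not bound:
            findings[name] = "no inbound access-group"
        elif bound[0] not in acls:
            findings[name] = f"ACL {bound[0]} is not defined"
        elif not any(e.startswith("deny ip any any") for e in acls[bound[0]][-1:]):
            findings[name] = f"ACL {bound[0]} does not end with deny ip any any"
    return findings
```

Calling `audit_cbac(SAMPLE_CONFIG)` reports GigabitEthernet0/1 and GigabitEthernet0/2 and leaves GigabitEthernet0/0, which matches the configuration in this post, unflagged.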