Common Security Configurations

November 16, 2008 by CCIETalk
Filed under Security

I am working through IE’s Vol 1 security section and it has been great so far. I have done this before but never went through it in such detail. Very first task is related to permitting certain types of traffic while denying and logging the rest.

I will try to collect all the common security related configurations here so I can revisit these when needed. Here are a few common access-list statements that can be used to permit ping, traceroute, bgp etc.

PING

permit icmp any any echo

permit icmp any any echo-reply

TRACEROUTE

permit udp any any range 33434 33464

permit icmp any any time-exceeded

permit icmp any any port-unreachable

BGP

permit tcp any eq bgp any

permit tcp any any eq bgp

OSPF

permit ospf any any

ACTIVE FTP

permit tcp any any range 20 21

PASSIVE FTP

permit tcp any any range 1023 65535

WEB TRAFFIC

permit tcp any any eq www

Tags: access-lists, CCIE Security, cisco ccie, internetwork expert vol 1, reflexive ACLs

Comments

Feel free to leave a comment...
and oh, if you want a pic to show with your comment, go get a gravatar!

You must be logged in to post a comment.

Search the website

Common Security Configurations

Comments

Featured Videos

Recent Comments

Recent Posts

Categories

Blogroll

CCIE Forums

CCIE Rack Rentals

CCIE Training

Advertisement

Polls

Archives