Common Security Configurations
Security — By CCIETalk on November 16, 2008 at 7:45 pm
I am working through IE's Vol 1 security section and it has been great so far. I have done this before but never went through it in such detail. The very first task is related to permitting certain types of traffic while denying and logging the rest.
I will try to collect all the common security-related configurations here so I can revisit them when needed. Here are a few common access-list statements that can be used to permit ping, traceroute, BGP, etc.
PING
permit icmp any any echo
permit icmp any any echo-reply
TRACEROUTE
permit udp any any range 33434 33464
permit icmp any any time-exceeded
permit icmp any any port-unreachable
BGP
permit tcp any eq bgp any
permit tcp any any eq bgp
OSPF
permit ospf any any
ACTIVE FTP
permit tcp any any range 20 21
PASSIVE FTP
permit tcp any any range 1023 65535
WEB TRAFFIC
permit tcp any any eq www
Tags: access-lists, CCIE Security, cisco ccie, internetwork expert vol 1, reflexive ACLs












