
    Summary of Cisco IOS Firewall

    By admin | August 28, 2009

    IOS Firewall is firewall functionality that is included within specific feature licenses of the Cisco IOS. Cisco IOS is the operating system that most Cisco devices run. All routers, including the new Integrated Services Routers (ISR), run Cisco IOS.

    Cisco IOS has included a form of firewalling since its very early releases, in the form of packet-filtering technology, which was the first generation of firewall technology.

    Packet filtering is implemented in Cisco IOS by what Cisco calls access lists. Nearly all Cisco routers in service will have access lists configured, because they are very flexible in their use. For example, you can use an access list to restrict who can connect to your router over both Secure Shell (SSH) and HTTP Secure (HTTPS) for management purposes; you can use an access list to restrict routing updates that are propagated from the router, or received by the router; and of course, you can use them on an interface to permit or deny specific traffic based on the configuration of the access list.

    An early improvement on access lists was the addition of the established command. The established command is used in an access list as shown here:

    Router(config)# access-list 100 permit tcp any host eq established

    This access list permits any TCP connection from anywhere with the destination of as long as it is what is called an established connection. This type of access list is good to place inbound on an external interface to get around the issue of dynamically allowing return traffic to clients. However, because the router is not tracking connection state, this does not really qualify as a stateful firewall. It is merely filtering packets, albeit only those with the ACK bit set in the TCP header.
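    To make that distinction concrete, here is an added Python illustration (not from the original post) that applies the two decision rules to the same constructed segments: an "established"-style filter, which only inspects the ACK/RST bits, and a toy session tracker in the spirit of CBAC. The protected host 10.0.0.5 and all traffic shown are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    """A TCP segment reduced to the fields an access list or CBAC looks at."""
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False
    rst: bool = False

# Hypothetical protected host, standing in for the elided address in the ACL above.
INSIDE_HOST = "10.0.0.5"

def established_permits(pkt: Packet) -> bool:
    """'permit tcp any host <INSIDE_HOST> established': IOS treats a segment as
    established when ACK or RST is set. No session table is consulted."""
    return pkt.dst == INSIDE_HOST and (pkt.ack or pkt.rst)

class StatefulInspector:
    """Toy connection tracker in the spirit of CBAC: remember sessions opened
    from the inside and permit only inbound segments that answer one of them."""
    def __init__(self) -> None:
        self.sessions: set[tuple[str, int, str, int]] = set()

    def outbound(self, pkt: Packet) -> None:
        if pkt.syn and not pkt.ack:  # a new session opened from inside
            self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))

    def permits_inbound(self, pkt: Packet) -> bool:
        # The reply must reverse the 4-tuple of a session we saw being opened.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions

def evaluate(outbound: list[Packet], inbound: list[Packet]) -> list[tuple[bool, bool]]:
    """Return (established verdict, stateful verdict) for each inbound segment."""
    insp = StatefulInspector()
    for pkt in outbound:
        insp.outbound(pkt)
    return [(established_permits(p), insp.permits_inbound(p)) for p in inbound]

# Constructed traffic: one legitimate session plus an unsolicited ACK-flagged segment.
OUTBOUND = [Packet(INSIDE_HOST, 51000, "203.0.113.10", 443, syn=True)]
INBOUND = [
    Packet("203.0.113.10", 443, INSIDE_HOST, 51000, syn=True, ack=True),  # genuine reply
    Packet("198.51.100.7", 4444, INSIDE_HOST, 22, ack=True),  # ACK set, but no session
    Packet("198.51.100.7", 4444, INSIDE_HOST, 22, syn=True),  # bare SYN, no ACK
]
# evaluate(OUTBOUND, INBOUND) -> [(True, True), (True, False), (False, False)]
```

    The second segment is the point of the exercise: the established filter lets it through purely because the ACK bit is set, while the session tracker rejects it because no inside host ever opened that connection.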

    The first releases of Cisco IOS Firewall implemented a true stateful firewall that ran on a router. This functionality was known as Context-Based Access Control (CBAC).

    CBAC is the basis of the IOS Firewall and has now evolved into the IOS Classic Firewall.

    The Cisco IOS Firewall is made up of three main features:

    These features provide the following benefits:

