---

---

UNCLASSIFIED Advanced Security Services  Version 1.0g  UNCLASSIFIED 191   After this step, CBAC should be running on the router. Step 8. Test the CBAC Configuration Perform some simple tests from a host on the trusted network, to see that CBAC is working.  The test shown here has two parts: first, starting a telnet session from a host on the trusted network to a host on the untrusted network, and second, confirming that CBAC is managing the session.  For more detailed testing information, see Section 6. The example below shows a Telnet session from a host on the trusted network (14.2.10.6) to a host on the untrusted network (14.2.9.250). $ telnet 14.2.9.250 Trying 14.2.9.250... Connected to 14.2.9.250. Escape character is '^]'. Welcome to the CENTRAL router.  No unauthorized users, please! Username: nziring Password: Central>   While the Telnet session is active, check the CBAC session status on the router using the command show ip inspect sessions.  It should show the telnet session, as illustrated in the example below.  If the command gives no output, then CBAC is not working. South# show ip inspect sessions Established Sessions   Session 6187B230 (14.2.10.189:3175)=>(14.2.9.250:23) tcp SIS_OPEN South#   If the CBAC configuration seems to be working, save the router configuration to NVRAM at this point with the command copy running startup. 5.3.3.    Configuration Sample The configuration command listing below shows the configuration commands for a firewall router with a simple CBAC configuration.  The desired service list for this firewall is: DNS, NTP, HTTP, FTP, Telnet,  SMTP (to a single host), and POP3 (to a single host).  This sample is formatted as it would appear in a configuration text file stored on a host for download to the router South. no access-list 110 ip access-list extended 110 permit icmp 14.2.10.0 0.0.0.255 any