Router Security Configuration Guide
UNCLASSIFIED
Version 1.0g
permit udp 14.2.10.0 0.0.0.255 any eq ntp
permit udp 14.2.10.0 0.0.0.255 any eq domain
permit tcp 14.2.10.0 0.0.0.255 any eq www
permit tcp 14.2.10.0 0.0.0.255 any eq ftp
permit tcp 14.2.10.0 0.0.0.255 any eq telnet
permit tcp 14.2.10.0 0.0.0.255 host 14.2.9.3 eq smtp
permit tcp 14.2.10.0 0.0.0.255 host 14.2.9.3 eq pop3
deny ip any any
exit
no access-list 111
ip access-list extended 111
deny ip 14.2.10.0 0.0.0.255 any log
permit udp any any eq rip
permit icmp any any echo-reply
permit icmp any any unreachable
permit icmp any any ttl-exceeded
deny ip any any log
exit
ip inspect name fw1 udp audit-trail on
ip inspect name fw1 tcp audit-trail on
ip inspect name fw1 ftp audit-trail on
ip inspect name fw1 smtp audit-trail on
ip inspect tcp synwait-time 15
ip inspect tcp finwait-time 1
ip inspect tcp idle-time 1800
ip inspect udp idle-time 15
interface eth 0/0
ip access-group 110 out
ip access-group 111 in
ip inspect fw1 out
end