Implementing Security on Cisco Routers
Version 1.0g
network 14.1.0.0 0.0.255.255 area 0
network 14.2.6.0 0.0.0.255 area 1
!
! access-list 75 applies to hosts allowed to gather SNMP info
! from this router
!
! Standard (source-address-only) list. Only the two hosts permitted below
! match; every other source falls through to the implicit deny that ends
! any non-empty IOS access list.
! NOTE(review): the command that binds list 75 to SNMP is not shown in this
! excerpt -- confirm the list is actually referenced where intended.
! NOTE(review): SNMP is carried over UDP, where the source address can be
! forged, so treat this list as one layer of control and not as
! authentication of the management stations.
!
! Remove any existing list 75 first so the entries below replace it rather
! than being appended to stale entries.
! NOTE(review): between this line and the first permit the list does not
! exist; IOS generally treats a reference to an undefined list as
! permit-all, so load this from the console or as one paste -- confirm
! the behavior on the IOS release in use.
no access-list 75
access-list 75 permit host 14.2.6.6
access-list 75 permit host 14.2.6.18
!
! access-list 100 applies to traffic from external networks
! to the internal network or to the router
!
! Extended list; entries are evaluated top-down and the first match wins,
! so the order of the lines below is significant.
! NOTE(review): the interface and direction this list is applied to are
! not shown in this excerpt -- confirm against the interface section.
! NOTE(review): nearly every deny carries "log"; under scanning or flood
! conditions this can generate heavy log volume and router CPU load, so
! consider rate-limiting ACL logging.
!
! Remove any existing list 100 so the entries below replace it.
! NOTE(review): if the list is already applied to an interface, filtering
! is incomplete while the list is being re-entered, and a remote session
! can be cut off part-way; load from the console or in a single paste.
no access-list 100
! --- Anti-spoofing: source addresses that should never arrive from outside
! Internal subnet 14.2.6.0/24 appearing as a source on external traffic.
access-list 100 deny ip 14.2.6.0 0.0.0.255 any log
! Identical source and destination host. 14.1.1.20 is presumably this
! router's external interface address (it is also the OSPF destination
! below) -- verify.
access-list 100 deny ip host 14.1.1.20 host 14.1.1.20 log
! Loopback (127/8), RFC 1918 private space (10/8, 172.16/12, 192.168/16)
! and link-local (169.254/16) sources.
! NOTE(review): other non-routable sources (e.g. 0.0.0.0/8, multicast
! 224.0.0.0/4) are not listed here and are only caught by later entries.
access-list 100 deny ip 127.0.0.0 0.255.255.255 any log
access-list 100 deny ip 10.0.0.0 0.255.255.255 any log
access-list 100 deny ip 172.16.0.0 0.15.255.255 any log
access-list 100 deny ip 192.168.0.0 0.0.255.255 any log
access-list 100 deny ip 169.254.0.0 0.0.255.255 any log
! --- Directed broadcast: packets addressed to the broadcast (.255) and
! network (.0) addresses of the internal subnet.
access-list 100 deny ip any host 14.2.6.255 log
access-list 100 deny ip any host 14.2.6.0 log
! --- ICMP: drop inbound echo requests to any destination and redirects to
! the internal subnet, then allow the remaining ICMP types to internal
! hosts. The permit covers only 14.2.6.0/24, so other ICMP addressed to
! the router's external address falls through to the denies at the end.
access-list 100 deny icmp any any echo log
access-list 100 deny icmp any 14.2.6.0 0.0.0.255 redirect log
access-list 100 permit icmp any 14.2.6.0 0.0.0.255
! --- Routing: OSPF from 14.1.0.0/16, unicast to 14.1.1.20 only.
! NOTE(review): OSPF on broadcast segments sends hellos to the multicast
! groups 224.0.0.5 / 224.0.0.6, which this entry does not match; confirm
! in a lab that adjacencies still form with this list applied inbound.
access-list 100 permit ospf 14.1.0.0 0.0.255.255 host 14.1.1.20
! --- TCP return traffic: "established" matches segments with ACK or RST
! set. This is a stateless flag test, not connection tracking, so it does
! not prove that an internal host opened the connection.
! Because this entry precedes the port denies below, those denies only
! affect segments without ACK/RST (i.e. new inbound connections).
access-list 100 permit tcp any 14.2.6.0 0.0.0.255 established
! --- TCP services blocked inbound: X Window System (6000-6009), IRC (6667),
! and ports historically associated with remote-control trojans
! (12345-12346 NetBus, 31337 Back Orifice).
access-list 100 deny tcp any any range 6000 6009 log
access-list 100 deny tcp any any eq 6667 log
access-list 100 deny tcp any any range 12345 12346 log
access-list 100 deny tcp any any eq 31337 log
! --- Active-mode FTP data: new inbound connections from source port 20 to
! internal ports above 1023.
! NOTE(review): the source port is chosen by the sender, so this entry
! admits new connections to every internal port above 1023 that is not
! denied above. Passive-mode FTP or stateful inspection removes the need
! for it.
access-list 100 permit tcp any eq 20 14.2.6.0 0.0.0.255 gt 1023
! --- UDP services blocked inbound: NFS (2049), 31337, and the UDP range
! commonly used by traceroute probes (33400-34400).
access-list 100 deny udp any any eq 2049 log
access-list 100 deny udp any any eq 31337 log
access-list 100 deny udp any any range 33400 34400 log
! --- DNS replies: UDP from source port 53 to internal ports above 1023.
! NOTE(review): same source-port limitation as the FTP entry; UDP has no
! "established" equivalent, so any UDP datagram sent from port 53 to an
! internal high port not denied above is accepted.
access-list 100 permit udp any eq 53 14.2.6.0 0.0.0.255 gt 1023
! --- Final denies. The TCP and UDP entries spell out the full port range,
! presumably so that logged denials record source and destination port
! numbers; the last entry logs everything else that the implicit deny
! would otherwise drop silently.
access-list 100 deny tcp any range 0 65535 any range 0 65535 log
access-list 100 deny udp any range 0 65535 any range 0 65535 log
access-list 100 deny ip any any log
!
! access-list 102 applies to traffic from the internal network
! to external networks or to the router itself
no access-list 102
access-list 102 deny ip host 14.2.6.250 host 14.2.6.250 log
access-list 102 permit icmp 14.2.6.0 0.0.0.255 any echo
access-list 102 permit icmp 14.2.6.0 0.0.0.255 any parameter-problem
access-list 102 permit icmp 14.2.6.0 0.0.0.255 any source-quench
access-list 102 deny tcp any any range 1 19 log
access-list 102 deny tcp any any eq 43 log
access-list 102 deny tcp any any eq 93 log
access-list 102 deny tcp any any range 135 139 log
access-list 102 deny tcp any any eq 445 log
access-list 102 deny tcp any any range 512 518 log
access-list 102 deny tcp any any eq 540 log
access-list 102 permit tcp 14.2.6.0 0.0.0.255 gt 1023 any lt 1024
access-list 102 permit udp 14.2.6.0 0.0.0.255 gt 1023 any eq 53