
Step 4—Configuring Cisco IOS Firewall Features
Cisco 7100 Series VPN Configuration Guide
3-34
Note Refer to the “Traffic Filtering and Firewalls” part of the Security Configuration
Guide and the Security Command Reference for advanced firewall configuration
information.
This section explains how to configure an extended access list, which is a sequential
collection of permit and deny conditions that apply to an IP address, and includes the
following tasks:
1 Creating Extended Access Lists Using Access List Numbers
2 Verifying Extended Access Lists
3 Applying Access Lists to Interfaces
4 Verifying Extended Access Lists Are Applied Correctly
Note The extended access list configuration explained in this section is different from the
crypto access list configuration explained in the “Creating Crypto Access Lists” section on
page 3-21. Crypto access lists are used to define which IP traffic is or is not protected by
crypto, while an extended access list is used to determine which IP traffic to forward or
block at an interface.
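The four tasks listed above, and the contrast drawn in the preceding note, shown as an added Cisco IOS example that is not taken from the configuration guide. The list numbers 102 and 111, the interface serial 1/0, the crypto map name and all addresses are constructed assumptions.

```ios
! Added example. Addresses, list numbers, interface and map name are constructed.
!
! Task 1: create extended access list 102 (numbers 100-199 are extended lists).
! Entries are checked top-down and the first match decides. Traffic that
! matches no entry is dropped by the implicit deny at the end of the list;
! the explicit final deny with "log" only makes those drops visible.
configure terminal
 access-list 102 permit udp any host 192.0.2.1 eq isakmp
 access-list 102 permit esp any host 192.0.2.1
 access-list 102 permit tcp any host 192.0.2.10 eq www
 access-list 102 deny ip any any log
 end
!
! Task 2: verify the entries and their order.
show access-lists 102
!
! Task 3: apply the list to inbound traffic on the Internet-facing interface.
configure terminal
 interface serial 1/0
  ip access-group 102 in
 end
!
! Task 4: verify that the interface reports list 102 as its inbound access list.
show ip interface serial 1/0
!
! For contrast: a crypto access list is never applied with "ip access-group".
! A crypto map entry references it, and "permit" here means "protect with
! crypto", not "forward". Fragment only: peer and transform set are omitted.
configure terminal
 access-list 111 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
 crypto map EXAMPLE-MAP 10 ipsec-isakmp
  match address 111
 end
```

Because list 102 filters the same interface that terminates the tunnels, it has to permit ISAKMP and ESP to the gateway address, or the tunnels defined by the crypto access list never come up.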
The simplest way to connect to the Internet is to use a single device that provides both
the connectivity and the firewall function. With everything in a single device, it is easy to
address translation and termination of the VPN tunnels. Complexity arises when you need
to add extra VPN gateways to the network. This normally leads people into building a
network where the corporate network touches the Internet via a network called the DMZ,
or demilitarized zone.