The Cisco IOS Firewall feature set provides robust, integrated firewall and intrusion-detection functionality at the perimeter of the network. The perimeter can face intranets, extranets (partnernets), and Internet connectivity to remote and branch offices. The Cisco IOS Firewall provides flexibility by offering a well-rounded solution for perimeter security. IOS Firewall is also scalable and supports Cisco IOS IP Security (IPSec) virtual private network (VPN) solutions and other software-based technologies, including Layer 2 Tunneling Protocol (L2TP) and quality of service (QoS).

CBAC is an integral part of the Cisco IOS Firewall feature set and provides unidirectional as well as bidirectional stateful filtering. A typical example is configuring CBAC between two partner companies' networks: you might restrict certain traffic flows for a specific application in one direction, and restrict specific traffic flows for other applications in the opposite direction. In other words, you can configure CBAC on a per-interface basis as well. In this chapter, you will learn how CBAC dynamically creates a state table in the Cisco IOS Firewall router to allow outbound traffic from the internal networks and subsequently monitors return traffic associated with that traffic flow.
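The outbound-inspection behaviour described above can be sketched as a minimal IOS configuration. This is an added example, not taken from the original text; the rule name PERIMETER, ACL number 101, and interface Serial0/0 are assumptions chosen for illustration.

```cisco
! Constructed example: rule name, ACL number and interface are placeholders.
!
! Inspection rule: protocols whose outbound sessions CBAC should track.
ip inspect name PERIMETER tcp
ip inspect name PERIMETER udp
ip inspect name PERIMETER ftp
!
! Inbound ACL on the untrusted side denies everything by default.
! CBAC adds temporary openings to this ACL for return traffic that
! matches a session recorded in its state table.
access-list 101 deny ip any any log
!
interface Serial0/0
 description External (untrusted) interface
 ! Filter traffic arriving from the outside.
 ip access-group 101 in
 ! Inspect sessions leaving through this interface (unidirectional case).
 ip inspect PERIMETER out
```

After internal hosts open connections, `show ip inspect sessions` lists the state-table entries CBAC has created, and unsolicited inbound packets are logged by the deny entry in ACL 101.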