Chapter11.Cisco IOS Firewall: Controlling Access

Chapter 11. Cisco IOS Firewall: Controlling Access

Refer to the following sections for information about these topics:

• 11-1: IOS Transparent Firewall Discusses how an IOS firewall can be configured to become a Layer 2 "transparent" or "stealth" firewall. This configuration can be useful, because it doesn't segment a network when it is introduced. Instead, the firewall acts as a Layer 2 bridge with its full complement of stateful inspection features.

• 11-2: Configuring Network Address Translation Covers methods that can be used to translate IP addresses across an IOS firewall.

• 11-3: Configuring IOS Firewall Stateful Inspection Presents Content-Based Access Control (CBAC), the IOS firewall feature that inspects the state of each connection passing through the firewall. CBAC is the basis for the IOS firewall operation.

• 11-4: HTTP, Java, and URL Filtering Discusses how an IOS firewall can be used to inspect and filter HTTP traffic and Java applets. The firewall also can cooperate with third-party content-filtering services to control end-user web access according to corporate policies.

A Cisco router can be configured to provide a variety of firewall functions. Certain router models and software images can be used to maintain an existing network topology while inserting stateful traffic inspection transparently into a network.

A router can also operate as a routed firewall, in which an existing network is segmented by the router's interfaces. You can configure address translation, as well as stateful traffic inspection, to operate on traffic passing between interfaces.

Finally, an IOS firewall can interact with external servers to inspect and filter web-based traffic according to security policies.

This chapter presents the background information and configuration steps needed to provide these IOS firewall functions.