Posted by on May 5, 2008, 8:28 pm
and the IOS and will actually be attending some technical training in the coming days. In the meantime, though, I am unable to use the built-in firewall.

Using the SDM, here is the error I get when using the basic firewall wizard:

-----------------------------------------------
Submitting 99 commands, please wait...
class-map type inspect match-any sdm-cls-insp-traffic

Error detected at this command. Click OK
-----------------------------------------------

When I connect to the router via the console, this is what it tells me:

-----------------------------------------------
vorpalrouter#conf t
Enter configuration commands, one per line. End with CNTL/Z.
vorpalrouter(config)#class-map ?
% Unrecognized command
vorpalrouter(config)#class-map
-----------------------------------------------

Any idea why this is happening? Is there any other way I can lock down ports?
Posted by Peter on May 6, 2008, 3:42 am
Without more info it's hard to say exactly, but the error message suggests to me that the version of IOS you are using does not include that command (and that command is not firewall specific).

Using the CLI, post the output of the "sh ver" command. This will tell us the H/W and S/W details of what is in your Router.

> Is there any other way I can lock down ports?

If you really do have the Firewall IOS (which I doubt, we need to see the above output to be able to tell), then by default everything already IS shut down.

Cheers.......................pk.

--
Peter from Auckland.
Posted by on May 6, 2008, 1:20 pm
> Greetings,
>
> > When I connect to the router via the console, this is what it tells
> > me:
> >
> > -----------------------------------------------
> > vorpalrouter#conf t
> > Enter configuration commands, one per line. End with CNTL/Z.
> > vorpalrouter(config)#class-map ?
> > % Unrecognized command
> > vorpalrouter(config)#class-map
> > -----------------------------------------------
> >
> > Any idea why this is happening?
>
> Without more info it's hard to say exactly, but the error message
> suggests to me that the version of IOS you are using does not include
> that command (and that command is not firewall specific).
>
> Using the CLI, post the output of the "sh ver" command. This will tell
> us the H/W and S/W details of what is in your Router.
>
> > Is there any other way I can lock down ports?
>
> If you really do have the Firewall IOS (which I doubt, we need to see
> the above output to be able to tell), then by default everything
> already IS shut down.

Hmmm. Not shut down in my experience. But then I usually blow away the SDM default anyway.

You need the following.

Deny EVERYTHING inbound
Use inspect to allow "returning traffic" back in.

Of course you can then add exceptions to the inbound block as required if you were publishing services to the internet.

ip inspect name sunshine tcp
ip inspect name sunshine udp
ip inspect name sunshine icmp
!! Add the following if you require/want:-
ip inspect name sunshine ftp
ip inspect name sunshine http
ip inspect name sunshine tftp
ip inspect name sunshine netshow
ip inspect name sunshine realaudio
ip inspect name sunshine sip
ip inspect name sunshine skinny
ip inspect name sunshine rtsp
ip inspect name sunshine streamworks

interface ATM0/0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0/0.1 point-to-point
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1

interface Dialer0
 ip address <removed>
 ip access-group inbound in
 ip inspect sunshine out

ip access-list extended inbound
 deny ip any any
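An added example, not part of any post in this thread: a small Python check that a saved configuration follows the pattern described in the post above, where every interface with `ip inspect <name> out` must reference a defined inspect rule and an existing inbound access list, and any `permit` exceptions are listed for review. The sample configuration is constructed from the thread's commands, `audit_cbac` is a hypothetical name, and the parser assumes running-config style indentation.

```python
import re

# Constructed sample: the thread's configuration, one command per line as a
# running-config prints it; 192.0.2.1 stands in for the "<removed>" address.
SAMPLE = """\
ip inspect name sunshine tcp
ip inspect name sunshine udp
interface Dialer0
 ip address 192.0.2.1 255.255.255.0
 ip access-group inbound in
 ip inspect sunshine out
ip access-list extended inbound
 deny ip any any
"""

def audit_cbac(config):
    """Check every interface that inspects outbound traffic; return findings."""
    rules, acls, ifaces, section = set(), {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if raw[0].isspace():                 # indented: belongs to open section
            if section is not None:
                section.append(line)
            continue
        section = None                       # any top-level command closes it
        if m := re.match(r"ip inspect name (\S+) ", line):
            rules.add(m[1])
        elif m := re.match(r"ip access-list extended (\S+)", line):
            section = acls.setdefault(m[1], [])
        elif m := re.match(r"interface (\S+)", line):
            section = ifaces.setdefault(m[1], [])
    findings = []
    for name, cmds in ifaces.items():
        used = re.findall(r"^ip inspect (\S+) out$", "\n".join(cmds), re.M)
        acl = re.findall(r"^ip access-group (\S+) in$", "\n".join(cmds), re.M)
        if not used:
            continue                         # interface is not doing CBAC
        findings += [f"{name}: inspect rule {r} is never defined"
                     for r in used if r not in rules]
        if not acl:
            findings.append(f"{name}: no inbound access-group")
        elif acl[0] not in acls:
            findings.append(f"{name}: access list {acl[0]} is not defined")
        else:
            findings += [f"{name}: review exception '{e}'"
                         for e in acls[acl[0]] if e.startswith("permit")]
    return findings
```

An empty list from `audit_cbac(SAMPLE)` means the deny-inbound plus inspect-outbound pairing is intact; each `permit` line added to the inbound list shows up as an exception to review.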
Posted by Uli Link on May 6, 2008, 4:06 pm
Peter wrote:
> Without more info its hard to say exactly, but the error message
> suggests to me that the version of IOS you are using does not include
> that command (and that command is not firewall specific).
>

The 850 series routers only come with advsecurity IOS (which includes the Firewall featureset)

--
Uli
Posted by Charles N Wyble on June 3, 2008, 3:20 am
What feature packs? What version?

class-map ? works for me.

Cisco 1841 running Cisco IOS Software, 1841 Software (C1841-IPBASE-M), Version 12.3(8)T4, RELEASE SOFTWARE (fc2)

<host>(config)#class-map ?
  WORD       class-map name
  match-all  Logical-AND all matching statements under this classmap
  match-any  Logical-OR all matching statements under this classmap

I'm not an expert on the different cisco lines so maybe the 851 doesn't support what you want? You should check the release notes and feature matrix for your router.

Charles

vorpus@gmail.com wrote:
> I'm having a massive problem with my Cisco 851. I'm brand new to Cisco
> and the IOS and will actually be attending some technical training in
> the coming days. In the meantime, though, I am unable to use the built-
> in firewall.
>
> Using the SDM, here is the error I get when using the basic firewall
> wizard:
>
> -----------------------------------------------
> Submitting 99 commands, please wait...
> class-map type inspect match-any sdm-cls-insp-traffic
>
>
> Error detected at this command. Click OK
> -----------------------------------------------
>
> When I connect to the router via the console, this is what it tells
> me:
>
> -----------------------------------------------
> vorpalrouter#conf t
> Enter configuration commands, one per line. End with CNTL/Z.
> vorpalrouter(config)#class-map ?
> % Unrecognized command
> vorpalrouter(config)#class-map
> -----------------------------------------------
>
> Any idea why this is happening? Is there any other way I can lock down
> ports?
Cisco 851 firewall woes