Cisco 851 firewall woes

I'm having a massive problem with my Cisco 851. I'm brand new to Cisco and the IOS and will actually be attending some technical training in the coming days. In the meantime, though, I am unable to use the built-in firewall.

Using the SDM, here is the error I get when using the basic firewall wizard:

-----------------------------------------------
Submitting 99 commands, please wait...
class-map type inspect match-any sdm-cls-insp-traffic

Error detected at this command. Click OK

-----------------------------------------------

When I connect to the router via the console, this is what it tells me:

-----------------------------------------------
vorpalrouter#conf t
Enter configuration commands, one per line. End with CNTL/Z.
vorpalrouter(config)#class-map ?
% Unrecognized command
vorpalrouter(config)#class-map

-----------------------------------------------

Any idea why this is happening? Is there any other way I can lock down ports?

Reply to
vorpus

Greetings,

Without more info it's hard to say exactly, but the error message suggests to me that the version of IOS you are using does not include that command (and that command is not firewall specific).

Using the CLI, post the output of the "sh ver" command. This will tell us the H/W and S/W details of what is in your Router.

If you really do have the Firewall IOS (which I doubt, we need to see the above output to be able to tell), then by default everything already IS shut down.

Cheers.......................pk.

Reply to
Peter

Hmmm. Not shut down in my experience. But then I usually blow away the SDM default anyway.

You need the following.

Deny EVERYTHING inbound.
Use inspect to allow "returning traffic" back in.
Of course you can then add exceptions to the inbound block as required if you were publishing services to the internet.

ip inspect name sunshine tcp
ip inspect name sunshine udp
ip inspect name sunshine icmp

!! Add the following if you require/want:-
ip inspect name sunshine ftp
ip inspect name sunshine http
ip inspect name sunshine tftp
ip inspect name sunshine netshow
ip inspect name sunshine realaudio
ip inspect name sunshine sip
ip inspect name sunshine skinny
ip inspect name sunshine rtsp
ip inspect name sunshine streamworks

interface ATM0/0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0/0.1 point-to-point
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1

interface Dialer0
 ip address
 ip access-group inbound in
 ip inspect sunshine out

ip access-list extended inbound
 deny ip any any

Reply to
Bod43
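
An added example, not part of the original thread or of the post above: a small Python check that reads a saved running-config and confirms that every interface applying `ip inspect ... out` also has an inbound access-group whose named ACL is defined and contains no `permit ip any any`. It assumes sub-commands are indented as in `show running-config` output and handles named extended ACLs only; the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample: the relevant parts of the configuration posted above.
SAMPLE = """\
ip inspect name sunshine tcp
interface Dialer0
 ip access-group inbound in
 ip inspect sunshine out
!
ip access-list extended inbound
 deny ip any any
"""

def parse(config):
    """Return (inspect rule names, {interface: lines}, {named ACL: entries})."""
    rules, ifaces, acls, bucket = set(), {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():          # top-level command starts a new context
            bucket = None
            if m := re.match(r"ip inspect name (\S+) \S+", line):
                rules.add(m.group(1))
            elif m := re.match(r"interface (\S+)", line):
                bucket = ifaces.setdefault(m.group(1), [])
            elif m := re.match(r"ip access-list extended (\S+)", line):
                bucket = acls.setdefault(m.group(1), [])
        elif bucket is not None:          # indented sub-command of that context
            bucket.append(line)
    return rules, ifaces, acls

def audit(config):
    """List problems on every interface that applies 'ip inspect <name> out'."""
    rules, ifaces, acls = parse(config)
    findings = []
    for name, lines in ifaces.items():
        insp = [l.split()[2] for l in lines if re.fullmatch(r"ip inspect \S+ out", l)]
        if not insp:
            continue
        findings += [f"{name}: inspect rule '{r}' is not defined" for r in insp if r not in rules]
        acl = [l.split()[2] for l in lines if re.fullmatch(r"ip access-group \S+ in", l)]
        if not acl:
            findings.append(f"{name}: no inbound access-group")
        elif acl[0] not in acls:
            findings.append(f"{name}: ACL '{acl[0]}' is not defined")
        elif "permit ip any any" in acls[acl[0]]:
            findings.append(f"{name}: ACL '{acl[0]}' contains 'permit ip any any'")
    return findings
```

An empty list from `audit()` means the inspect rule and the inbound ACL are both present and consistent on each inspected interface.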

Peter wrote:

The 850 series routers only come with advsecurity IOS (which includes the Firewall featureset)

Reply to
Uli Link

What feature packs? What version?

class-map ? works for me.

Cisco 1841 running

Cisco IOS Software, 1841 Software (C1841-IPBASE-M), Version 12.3(8)T4, RELEASE SOFTWARE (fc2)

(config)#class-map ?
  WORD       class-map name
  match-all  Logical-AND all matching statements under this classmap
  match-any  Logical-OR all matching statements under this classmap

I'm not an expert on the different Cisco lines so maybe the 851 doesn't support what you want?

You should check the release notes and feature matrix for your router.

Charles

snipped-for-privacy@gmail.com wrote:

Reply to
Charles N Wyble
