C H A P T E R
8-1
Cisco 850 Series and Cisco 870 Series Access Routers Software Configuration Guide
OL-5332-01
8
Configuring a Simple Firewall
The Cisco 850 and Cisco 870 series routers support network traffic filtering by means of access lists.
The routers also support packet inspection and dynamic temporary access lists by means of
Context-Based Access Control (CBAC).
Basic traffic filtering is limited to configured access list implementations that examine packets at the
network layer or, at most, the transport layer, permitting or denying the passage of each packet through
the firewall. However, the use of inspection rules in CBAC allows the creation and use of dynamic
temporary access lists. These dynamic lists allow temporary openings in the configured access lists at
firewall interfaces. These openings are created when traffic for a specified user session exits the internal
network through the firewall. The openings allow returning traffic for the specified session (that would
normally be blocked) back through the firewall.
See the
Cisco IOS Security Configuration Guide, Release 12.3
, for more detailed information on traffic
filtering and firewalls.
Figure 8-1
shows a network deployment using PPPoE or PPPoA with NAT and a firewall.
Figure 8-1
Router with Firewall Configured
121781
2
3
7
5
6
1
4