Cisco 851 firewall woes

 
 
vorpus@gmail.com
      05-06-2008
I'm having a massive problem with my Cisco 851. I'm brand new to Cisco
and the IOS and will actually be attending some technical training in
the coming days. In the meantime, though, I am unable to use the built-
in firewall.

Using the SDM, here is the error I get when using the basic firewall
wizard:

-----------------------------------------------
Submitting 99 commands, please wait...
class-map type inspect match-any sdm-cls-insp-traffic


Error detected at this command. Click OK
-----------------------------------------------

When I connect to the router via the console, this is what it tells
me:

-----------------------------------------------
vorpalrouter#conf t
Enter configuration commands, one per line. End with CNTL/Z.
vorpalrouter(config)#class-map ?
% Unrecognized command
vorpalrouter(config)#class-map
-----------------------------------------------

Any idea why this is happening? Is there any other way I can lock down
ports?
 
Bod43@hotmail.co.uk
      05-06-2008
On 6 May, 09:42, "Peter" <(E-Mail Removed)> wrote:
> Greetings,
>
> > When I connect to the router via the console, this is what it tells
> > me:
> >
> > -----------------------------------------------
> > vorpalrouter#conf t
> > Enter configuration commands, one per line. End with CNTL/Z.
> > vorpalrouter(config)#class-map ?
> > % Unrecognized command
> > vorpalrouter(config)#class-map
> > -----------------------------------------------
> >
> > Any idea why this is happening?
>
> Without more info it's hard to say exactly, but the error message
> suggests to me that the version of IOS you are using does not include
> that command (and that command is not firewall specific).
>
> Using the CLI, post the output of the "sh ver" command. This will tell
> us the H/W and S/W details of what is in your Router.
>
> > Is there any other way I can lock down ports?
>
> If you really do have the Firewall IOS (which I doubt, we need to see
> the above output to be able to tell), then by default everything
> already IS shut down.


Hmmm. Not shut down in my experience.
But then I usually blow away the SDM default
anyway.

You need the following.

Deny EVERYTHING inbound
Use inspect to allow "returning traffic" back in.
Of course you can then add exceptions to the
inbound block as required if you were publishing services
to the internet.

ip inspect name sunshine tcp
ip inspect name sunshine udp
ip inspect name sunshine icmp

!! Add the following if you require/want:-
ip inspect name sunshine ftp
ip inspect name sunshine http
ip inspect name sunshine tftp
ip inspect name sunshine netshow
ip inspect name sunshine realaudio
ip inspect name sunshine sip
ip inspect name sunshine skinny
ip inspect name sunshine rtsp
ip inspect name sunshine streamworks

interface ATM0/0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0/0.1 point-to-point
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!
interface Dialer0
 ip address <removed>
 ip access-group inbound in
 ip inspect sunshine out
!
ip access-list extended inbound
 deny ip any any
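Added example, not part of any post in this thread: a small Python check for the pattern described in the reply above (deny everything inbound on the outside interface, inspect outbound so returning traffic is let back in). The function names, the wording of the findings and the sample text are constructed for illustration, and the parser handles only the command forms that appear in the posted configuration.

```python
import re

# Constructed sample: the WAN-side lines of the configuration posted above.
POSTED = """
ip inspect name sunshine tcp
ip inspect name sunshine udp
ip inspect name sunshine icmp
interface Dialer0
ip access-group inbound in
ip inspect sunshine out
ip access-list extended inbound
deny ip any any
"""

def parse(config):
    """Collect inspect rules, named extended ACLs and interface bindings."""
    inspect, acls, ifaces, iface, acl = {}, {}, {}, None, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"ip inspect name (\S+) (\S+)", line):
            inspect.setdefault(m[1], set()).add(m[2])
        elif m := re.match(r"interface (\S+)", line):
            iface, acl = ifaces.setdefault(m[1], {}), None
        elif m := re.match(r"ip access-list extended (\S+)", line):
            iface, acl = None, acls.setdefault(m[1], [])
        elif iface is not None and (m := re.match(r"ip (access-group|inspect) (\S+) (in|out)$", line)):
            iface[f"{m[1]}_{m[3]}"] = m[2]   # e.g. "inspect_out" -> "sunshine"
        elif acl is not None and re.match(r"(permit|deny)\s", line):
            acl.append(line)
    return inspect, acls, ifaces

def audit(config):
    """Return findings where an interface departs from deny-inbound plus inspect-outbound."""
    inspect, acls, ifaces = parse(config)
    findings = []
    for name, cfg in ifaces.items():
        rule, acl = cfg.get("inspect_out"), cfg.get("access-group_in")
        if rule is None and acl is None:
            continue  # interface takes no part in this policy
        if rule is None:
            findings.append(f"{name}: inbound ACL but no 'ip inspect ... out'")
        elif missing := {"tcp", "udp", "icmp"} - inspect.get(rule, set()):
            findings.append(f"{name}: rule {rule} lacks {sorted(missing)}")
        if acl is None:
            findings.append(f"{name}: inspection without an inbound ACL blocks nothing")
        elif acl not in acls:
            findings.append(f"{name}: ACL {acl} is applied but not defined")
        elif any(re.match(r"permit ip any any", e) for e in acls[acl]):
            findings.append(f"{name}: ACL {acl} permits all IP inbound")
    return findings
```

`audit(POSTED)` returns an empty list; removing the inspect binding, the access-group line or one of the base protocols each produces a single finding for Dialer0.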
 
Uli Link
      05-06-2008
Peter wrote:
> Without more info it's hard to say exactly, but the error message
> suggests to me that the version of IOS you are using does not include
> that command (and that command is not firewall specific).
>

The 850 series routers only come with advsecurity IOS (which includes
the Firewall featureset)

--
Uli
 
Charles N Wyble
      06-03-2008
What feature packs? What version?

class-map ? works for me.

Cisco 1841 running

Cisco IOS Software, 1841 Software (C1841-IPBASE-M), Version 12.3(T4,
RELEASE SOFTWARE (fc2)

<host>(config)#class-map ?
WORD class-map name
match-all Logical-AND all matching statements under this classmap
match-any Logical-OR all matching statements under this classmap

I'm not an expert on the different cisco lines so maybe the 851 doesn't
support what you want?

You should check the release notes and feature matrix for your router.

Charles



(E-Mail Removed) wrote:
> I'm having a massive problem with my Cisco 851. I'm brand new to Cisco
> and the IOS and will actually be attending some technical training in
> the coming days. In the meantime, though, I am unable to use the built-
> in firewall.
>
> Using the SDM, here is the error I get when using the basic firewall
> wizard:
>
> -----------------------------------------------
> Submitting 99 commands, please wait...
> class-map type inspect match-any sdm-cls-insp-traffic
>
>
> Error detected at this command. Click OK
> -----------------------------------------------
>
> When I connect to the router via the console, this is what it tells
> me:
>
> -----------------------------------------------
> vorpalrouter#conf t
> Enter configuration commands, one per line. End with CNTL/Z.
> vorpalrouter(config)#class-map ?
> % Unrecognized command
> vorpalrouter(config)#class-map
> -----------------------------------------------
>
> Any idea why this is happening? Is there any other way I can lock down
> ports?

 