Hey there, all you Cisco Jedi.
I'm still learning the ways of the Cisco, and I need a little help ASAP.
The setup
------------
Here follow the relevant bits of my config:
A LAN (20-something nodes) and a Cisco 1700 (1721) with a ser0, a fa0 and a bri0 (let's forget about the bri for now). On the serial there is a p2p line to our ISP.
The ISP gave me a block of IPz (about 50) and even though it's not ideal (as the symptoms indicate) the network is "walled" by having NAT on the router. Apart from the one or two static mappings the rest is all pool-inside pool-outside. It keeps the worms and koderkidzies out.
The symptom
---------------
Something funny is happening here on the p2p internet line. Things time out ... a lot ... more and more often. A ping to the router on the other side of the line (ISP side) shows a pattern: 15 min "good" pinging (40 ms to 400 ms) and then 5 min "BAD" response (1000 to 10 000 ms !! and more !). This pattern loops over and over.
*Note: times are not exact, guesstimates .... observations ... actual times vary and the problem sequence is not an exact loop.
The Investigation
--------------------
IP Accounting on the ISP router ( how do I set that up ? ) shows that some IP is sending mass packets every now and then. My router takes one look and sends them back. The ISP router figures these are due for us and sends them back .... 16 times the packets get passed over the p2p bottleneck before they drop.
This is asking for trouble ... I am set up for the ultimate DNS attack ! Those 16 bounces give an amplification factor of 16 to any "unwanted" data coming over the p2p.
The question :
----------------
Please enlighten me, the untrained yet eager student: how should I configure this ? Obviously I want to drop bad traffic before it bounces away my bandwidth. Is there a better way of using a router as a bit of a hardware firewall ? I could ask my ISP to block the "attacker" at the point where the traffic enters our continent, but this is far from a solution; my setup needs to be geared to handle this situation.
Is it even possible to effectively use my router as a good firewall ?
Many thanks
**Note : Do not suggest buying anything, not even "second hand". Out here in Africa pre-owned is rarely for sale and all I have is time.
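An added example configuration, written by the editor and not part of the original post or the poster's own config. It addresses the bounce described above: a packet for one of your ISP-assigned addresses that has no NAT translation (an unused pool address, or a probe at a random address in the block) is not claimed by NAT, so the 1721 routes it with the only route it has, the default, and sends it straight back out the serial to the ISP, which routes it back to you, until the TTL runs out. The fix is a route for the whole block to Null0, so anything in the block that NAT did not translate is discarded locally instead of being re-sent over the link. The addresses, interface names beyond ser0/fa0, the LAN range and the static mapping below are placeholders (RFC 5737 documentation space), not taken from the post; the image is assumed to be a plain IP IOS without the Firewall (CBAC) feature set.

```cisco
! Added example, not the poster's running-config. All addresses are placeholders.
!   ISP-assigned block : 203.0.113.0/26 (assumed; the real block is not in the post)
!   Serial0            : p2p line to the ISP, ISP end 198.51.100.1, our end 198.51.100.2
!   FastEthernet0      : the LAN, assumed 192.168.1.0/24 behind NAT
!
! 1. Stop the ping-pong. Outside-to-inside packets are checked against the NAT
!    table before the routing lookup, so live pool translations and the static
!    mappings are unaffected; anything else in the block now dies here instead
!    of following the default route back to the ISP. Distance 250 keeps any more
!    specific route preferred.
ip route 203.0.113.0 255.255.255.192 Null0 250
!
! Do not answer every dropped packet with an ICMP unreachable over the same link.
interface Null0
 no ip unreachables
!
! 2. Basic hygiene on the ISP-facing side: our own block and private ranges must
!    never arrive from the outside as a source address.
ip access-list extended FROM-ISP
 remark anti-spoofing: our block as a source from the ISP side is always bogus
 deny   ip 203.0.113.0 0.0.0.63 any
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 deny   ip 127.0.0.0 0.255.255.255 any
 remark everything else goes to NAT; only packets matching a translation get in
 permit ip any any
!
interface Serial0
 ip address 198.51.100.2 255.255.255.252
 ip access-group FROM-ISP in
 ip nat outside
 no ip redirects
 no ip unreachables
 ip accounting output-packets
!
interface FastEthernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
! 3. NAT as the post describes it: a pool for the LAN plus a static or two.
!    Pool and static addresses are assumed values inside the placeholder block.
ip nat pool OUTSIDE 203.0.113.32 203.0.113.62 netmask 255.255.255.192
access-list 10 permit 192.168.1.0 0.0.0.255
ip nat inside source list 10 pool OUTSIDE overload
ip nat inside source static 192.168.1.10 203.0.113.10
!
ip route 0.0.0.0 0.0.0.0 198.51.100.1
```

`ip accounting output-packets` on Serial0 is the IP accounting the post asks about; `show ip accounting` then lists source/destination pairs and packet counts for traffic the router switched out that interface, which is enough to see who is sending the bursts, and `clear ip accounting` resets it. Two caveats a practitioner should keep in mind: the Null0 route removes the repeated bounces, but the attacker's first copy of each packet still crosses the inbound half of the link, so only the ISP can relieve that; and without the IOS Firewall feature set the router is a packet filter plus NAT, not a stateful firewall. The ACL cannot track sessions, so the "only translated traffic gets in" property comes from NAT itself, and the one or two statically mapped hosts are reachable from the internet on every port unless you add explicit `deny` lines for them in FROM-ISP.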