Solved

Cisco 1720 Info

Posted on 2004-09-11
7
780 Views
Last Modified: 2010-04-17
I have a couple of cisco 1720 modular access routers.  Do these routers come with a firewall?  I have heard of the 1721 router referred to as a firewall and was just wondering if the 1720 is the same and if not, what the primary differences are between the two.

Also, as far as firewall is concerned regarding these 2 routers, is it an IOS firewall the comes on these routers and is the IOS firewall different from a PIX firewall?  If you know how to configure one, would you know how to configure the other?

How could i check on the routers to see if they have firewall functionality?

Thanks for any clarity on this matter.
0
Comment
Question by:andreacadia
  • 3
  • 2
  • 2
7 Comments
 
LVL 40

Accepted Solution

by:
Fatal_Exception earned 250 total points
ID: 12036109
Yes, it is highly configurable, although not quite the 1721..  This page answers most of your questions:

http://www.cisco.com/univercd/cc/td/doc/pcat/1720.htm

Firewall
The 1700 supports an integrated firewall and intrusion detection with Cisco Secure Integrated Software. Cisco Secure Integrated Software (formerly the Cisco IOS Firewall) includes context based access control for dynamic firewall filtering, intrusion detection, denial of service detection and prevention, Java blocking, and real-time alerts. Internal users can access the Internet with secure, per-application-based dynamic access control. Unauthorized, Internet users are prevented from accessing the internal LAN.

Encryption
The Cisco 1720 supports IPSec DES and Triple DES (3DES) encryption, as well as an expansion slot on the motherboard for an optional VPN Module that delivers hardware-based wire-speed encryption. Enables creation of secure VPNs by providing all the components necessary to deliver a VPN solution: integrated VPN tunneling, encryption, firewall and intrusion detection. Optional high-speed hardware-assisted encryption to deliver triple DES encryption at full duplex T1/E1 speeds


FE
0
 

Author Comment

by:andreacadia
ID: 12036160
you said, "not quite the 1721"...what do you mean?

So if i am understanding correctly, the firewall feature of the 1720 and 1721 is simply based on access-lists?   Are these just regular access lists?  And i will assume that the Cisco Secure Integrated Software is different from Cisco PIX?  Hhow can i verify what features are installed on my router?
0
 
LVL 7

Assisted Solution

by:pedrow
pedrow earned 250 total points
ID: 12036337
Don't confuse 'based on access-lists' with packet filtering.

access-lists are used to control all sorts of functions on routers and it's important to know exactly how.

Both of these routers can run firewall feature sets and behave in just about exactly the same way. As near as I can tell, the 1721 is just a newer replacement of the 1720. i.e. they only have one fast E port and two wic slots., but the 1721 presumably a better processor.

If you pay for the fw feature set, you can have the 1720 act as a firewall just as well as a 1721.

You can tell what feature set you have by the name of the image from router>show version
the nomenclature is documented on cco on what each image is.

and just knowing how to configure IOS routers doesn't guarantee that you can do a PIX. Some things are similar/the same, but other aspects are completely different, such as how you deal with routing, NAT, and on older PIX versions, access control.




0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12036482
Well said...  
0
 

Author Comment

by:andreacadia
ID: 12036840
...so the FW feature set utilizes commands that are not inherent to the standard IOS software??  Does it use access-lists or packet filtering? Do you have a sample config with some fw rules configured?

Also , can you purchase the fw feature set for any model cisco router?
0
 
LVL 7

Expert Comment

by:pedrow
ID: 12037372
There are a fair amount of examples on cisco's website, here's one for instance:
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_configuration_example09186a008009445f.shtml

Pretty much any cisco router supports some flavor of the fw feature set....ok...maybe not that old 1004 you've got laying around, but most others do.

Alternatively, you might find that something like reflexive access-lists might be good enough and that is available on most platforms. Reflexive access-lists are better than regular access-lists in that they provide dynamic inbound permits that get opened when traffic goes outbound. So, for TCP traffic, the permit gets closed when it sees a FIN or RST bit in the header. UDP permits get closed usually based on a timer. It eliminates the need to maintain a 'tcp established' permit, which has its detractors. It still lacks the intelligence you get with FW code to deal with dynamic port stuff like you see with active-mode TCP, but it's pretty darn useful. Here's a link that might explain it more:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7c3.html

hope this helps.
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12092572
Thanks..

FE
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Suggested Solutions

The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now