Solved

Cisco 1720 Info

Posted on 2004-09-11
Last Modified: 2010-04-17
I have a couple of Cisco 1720 modular access routers.  Do these routers come with a firewall?  I have heard of the 1721 router referred to as a firewall and was just wondering if the 1720 is the same and if not, what the primary differences are between the two.

Also, as far as firewall is concerned regarding these 2 routers, is it an IOS firewall that comes on these routers and is the IOS firewall different from a PIX firewall?  If you know how to configure one, would you know how to configure the other?

How could I check on the routers to see if they have firewall functionality?

Thanks for any clarity on this matter.
0
Question by:andreacadia
7 Comments
 
LVL 40

Accepted Solution

by:
Fatal_Exception earned 250 total points
ID: 12036109
Yes, it is highly configurable, although not quite the 1721..  This page answers most of your questions:

http://www.cisco.com/univercd/cc/td/doc/pcat/1720.htm

Firewall
The 1700 supports an integrated firewall and intrusion detection with Cisco Secure Integrated Software. Cisco Secure Integrated Software (formerly the Cisco IOS Firewall) includes context based access control for dynamic firewall filtering, intrusion detection, denial of service detection and prevention, Java blocking, and real-time alerts. Internal users can access the Internet with secure, per-application-based dynamic access control. Unauthorized Internet users are prevented from accessing the internal LAN.

Encryption
The Cisco 1720 supports IPSec DES and Triple DES (3DES) encryption, as well as an expansion slot on the motherboard for an optional VPN Module that delivers hardware-based wire-speed encryption. Enables creation of secure VPNs by providing all the components necessary to deliver a VPN solution: integrated VPN tunneling, encryption, firewall and intrusion detection. Optional high-speed hardware-assisted encryption to deliver triple DES encryption at full duplex T1/E1 speeds.


FE
0
 

Author Comment

by:andreacadia
ID: 12036160
you said, "not quite the 1721"...what do you mean?

So if I am understanding correctly, the firewall feature of the 1720 and 1721 is simply based on access-lists?   Are these just regular access lists?  And I will assume that the Cisco Secure Integrated Software is different from Cisco PIX?  How can I verify what features are installed on my router?
0
 
LVL 7

Assisted Solution

by:pedrow
pedrow earned 250 total points
ID: 12036337
Don't confuse 'based on access-lists' with packet filtering.

access-lists are used to control all sorts of functions on routers and it's important to know exactly how.

Both of these routers can run firewall feature sets and behave in just about exactly the same way. As near as I can tell, the 1721 is just a newer replacement of the 1720, i.e. they only have one Fast E port and two WIC slots, but the 1721 presumably has a better processor.

If you pay for the fw feature set, you can have the 1720 act as a firewall just as well as a 1721.

You can tell what feature set you have by the name of the image from router>show version
The nomenclature is documented on CCO on what each image is.

And just knowing how to configure IOS routers doesn't guarantee that you can do a PIX. Some things are similar/the same, but other aspects are completely different, such as how you deal with routing, NAT, and on older PIX versions, access control.




0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12036482
Well said...  
0
 

Author Comment

by:andreacadia
ID: 12036840
...so the FW feature set utilizes commands that are not inherent to the standard IOS software??  Does it use access-lists or packet filtering? Do you have a sample config with some fw rules configured?

Also, can you purchase the fw feature set for any model Cisco router?
0
 
LVL 7

Expert Comment

by:pedrow
ID: 12037372
There are a fair amount of examples on Cisco's website, here's one for instance:
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_configuration_example09186a008009445f.shtml

Pretty much any Cisco router supports some flavor of the fw feature set....ok...maybe not that old 1004 you've got laying around, but most others do.

Alternatively, you might find that something like reflexive access-lists might be good enough and that is available on most platforms. Reflexive access-lists are better than regular access-lists in that they provide dynamic inbound permits that get opened when traffic goes outbound. So, for TCP traffic, the permit gets closed when it sees a FIN or RST bit in the header. UDP permits get closed usually based on a timer. It eliminates the need to maintain a 'tcp established' permit, which has its detractors. It still lacks the intelligence you get with FW code to deal with dynamic port stuff like you see with active-mode TCP, but it's pretty darn useful. Here's a link that might explain it more:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7c3.html

hope this helps.
0
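The reflexive access-list behaviour described in the comment above, set beside the context based access control (CBAC) inspection that the firewall feature set provides, as an added example that is not part of the original thread or of Cisco's linked documents. The interface name Serial0, the list and inspection names, the ACL number and the timeout values are assumptions; apply one option to an interface, not both.

```cisco
! ---- Option A: reflexive access-lists (no firewall feature set needed) ----
! Idle timeout in seconds for reflected entries that are not closed
! by a TCP FIN or RST (this is what ages out UDP entries).
ip reflexive-list timeout 300
!
! Outbound list: each permitted session creates a temporary mirror
! entry in the reflexive list RETURN-TRAFFIC.
ip access-list extended OUTBOUND
 permit tcp any any reflect RETURN-TRAFFIC
 permit udp any any reflect RETURN-TRAFFIC timeout 60
!
! Inbound list: only traffic matching a live reflected entry gets in.
! There is no static "permit tcp any any established" line to maintain.
ip access-list extended INBOUND
 evaluate RETURN-TRAFFIC
 deny ip any any log
!
interface Serial0
 description Internet-facing WIC (assumed name)
 ip access-group OUTBOUND out
 ip access-group INBOUND in
!
! ---- Option B: CBAC (requires an image with the firewall feature set) ----
! Inspection tracks session state and, for protocols it understands
! such as FTP, opens the dynamically negotiated ports as well.
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name FW ftp
!
! Static inbound list denies everything; CBAC inserts temporary
! permits ahead of this line for return traffic of inspected sessions.
access-list 101 deny ip any any log
!
interface Serial0
 ip inspect FW out
 ip access-group 101 in
```

After a session is opened from the inside, `show access-lists` lists the temporary entries in either case, and `show ip inspect sessions` shows the CBAC state table for Option B.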
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12092572
Thanks..

FE
0
