Configuring Cisco 871w router for NAT/firewall
Posted on 2008-11-12
I'm setting up a new Cisco 871w router. So far I've configured it so that NAT is set up so that clients can access the internet. This is working. I would like to put this router into "stealth" mode, so to speak, so that it does not respond to ports on the outside interface (except for any that I may open and forward). Right now it either responds closed or has various ports open (including SSH). I've tried enabling the firewall and it does successfully lock down the router from the outside, but it has the side effect of completely blocking all traffic. Inside users can no longer access the internet, despite what the documentation says.
At the moment I've been configuring this via SDM, which perhaps is my first mistake. I'm not familiar enough with the IOS yet, but I'm learning as fast as I can.
I'm guessing either the ACLs aren't right, the firewall settings are not right after SDM creates it, or the NAT is not set up correctly (although it seems to work). Since this is a new setup, there is nothing that can't be changed. Any help would be appreciated.