• Status: Solved

How to configure a Cisco 2600 Router as a Pix Firewall

I let my Cisco certification expire 7 years ago because I had not worked with anything Cisco since I was in school.
During that schooling I was offered a certain Cisco security class which the instructor claimed would show how to configure a 2600 router as a Pix Firewall.  I skipped that class, and cannot seem to find anything related on the web.  
Is it possible to configure this way & if so is there simply a configuration file that I can upload to do it?
Asked by: jasfout
1 Solution
 
stsonline Commented:
You can use access-lists and NATs to approximate some of the behavior of a PIX firewall, but the process is tedious and not intuitive at all. With the price of a base ASA 5505 at $350.00 USD (for a 10-user Base version) it's not really worth it.

However, if you want to try it, here are a few links (no, there isn't a basic config you can just put on a router):

http://www.cisco.com/en/US/docs/ios/11_3/security/configuration/guide/scacls.html
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml

Configuration Examples:
http://www.cisco.com/en/US/products/sw/secursw/ps1018/prod_configuration_examples_list.html



Vito_Corleone Commented:
You will not be able to get a router to act exactly like a firewall. He was probably talking about CBAC, which is the IOS Firewall. Here's a configuration example:

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a0080094e8b.shtml

Basically you have an ACL from the outside in, which blocks most things. You then use CBAC with "ip inspect" commands to look at the traffic going out and open up temporary holes in the ACL to allow the traffic back in from outside.
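The CBAC arrangement described in the comment above, sketched as an added example that is not part of the original thread or of the linked Cisco documents. It assumes an IOS image that includes the IOS Firewall feature set; the interface names, the rule and ACL names, and the addresses (documentation ranges) are constructed for illustration.

```cisco
! Added example: constructed names and addresses, adjust to the actual router.
!
! Inspection rule: sessions of these protocols that leave through the outside
! interface are tracked, and CBAC adds temporary permit entries for the
! matching return traffic.
ip inspect name FWOUT tcp
ip inspect name FWOUT udp
ip inspect name FWOUT ftp
!
! Static ACL applied inbound on the outside interface. It blocks most things;
! only a few ICMP replies are allowed statically. CBAC requires an extended
! ACL here so it can insert its temporary entries.
ip access-list extended OUTSIDE-IN
 permit icmp any any echo-reply
 permit icmp any any time-exceeded
 permit icmp any any unreachable
 deny   ip any any log
!
interface FastEthernet0/0
 description inside LAN (assumed interface name)
 ip address 192.168.1.1 255.255.255.0
!
interface Serial0/0
 description outside / upstream link (assumed interface name)
 ip address 203.0.113.2 255.255.255.252
 ! Filter everything arriving from outside
 ip access-group OUTSIDE-IN in
 ! Inspect traffic leaving toward the outside
 ip inspect FWOUT out
!
! Checks after applying:
!   show ip inspect sessions   - sessions CBAC is currently tracking
!   show ip access-lists       - hit counters on the deny line; temporary
!                                entries appear while a session is active
```

Unsolicited inbound connections hit the final `deny` and are logged, while replies to inside-initiated sessions pass only for the lifetime of the tracked session.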
 
jasfout Author Commented:
Thank you for the quick response!
 
that1guy15 Commented:
You are looking for the Cisco IOS firewall feature set. Here is a link that goes into the details of IOS firewall.
http://www.calstatela.edu/faculty/egean/cs580/cisco-documents/Cisco-IOS-Firewall-Feature-Set.pdf
Basically you need an IOS image that supports the IOS firewall feature set. You then can configure ACLs and inspection rules as you would a normal firewall. You also have the option of IDS/IPS functionality on some models.
If you have a newer version of IOS on your 2600 that does support IOS firewall, the best way to go about setting it up would be to use the Cisco GUI (called SDM).
 
Hope this helps.
 
that1guy15 Commented:
Quick on the gun to accept an answer, huh?
Oh well :)
Vito_Corleone Commented:
I thought the same thing, lol. Didn't even get the assist.
jasfout Author Commented:
My apologies... I didn't realize Cisco was such a hot topic here.
When I accepted, there was only one comment, and it confirmed my suspicions.
You both provided valuable information and I may use it should I decide to configure that way.  For that I can only give you my thanks now....7 & 9 minutes quicker would have made the assist points for sure though.
:)
I will try not to be so quick on the gun in the future
