Converting A router to Act as firewall

Posted on 2011-10-24
Last Modified: 2012-05-12

Is there any method or document which I can refer to convert my Cisco Router 2800 series to act as firewall, also called hardening of router. Please provide any link or study material or instructions.

Question by:krishab46
    LVL 11

    Accepted Solution

    This is Cisco's official guide to hardening its routers:

    The process is fairly involved. I usually recommend that people use an dedicated firewall device, such as the Cisco ASA, Sonicwal TZ-100, Juniper SSG-5, etc. These all have graphical interfaces that make them much easier to configure and maintain. The 2800 is primarily a command line interface, although it does have a very rudimentary web interface, it's incomplete.
    LVL 2

    Assisted Solution

    router hardenign simply means to shutdown features that are enabled by default but they are not used. If you want to implement firewall on router you can use cbac firewall or zbf firewall ( zone base firewall ).
    LVL 5

    Assisted Solution

    If you have Cisco IOS Software version 12.4 or later, there is a command you can execute at the command line called "auto secure" that will lead you through an interactive series of questions to apply configuration described in the guides the other experts linked above to reduce the router's threat vulnerability.  I believe there is also a similar configuration that can be applied with "Router Security Audit" in CCP, the router's GUI configuration management tool.
    LVL 33

    Expert Comment

    This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    Hi All,  Recently I have installed and configured a Sonicwall NS220 in the network as a firewall and Internet access gateway. All was working fine until users started reporting that they cannot use the Cisco VPN client to connect to the customer'…
    Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    733 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now