Sécurisation des routeurs Cisco Elaboré par Tatouh Nejiba Saida Djebbi Encadré par


Ping 1ère exemple :  Exigences



Download 1.87 Mb.
Page105/106
Date17.12.2020
Size1.87 Mb.
#55376
1   ...   98   99   100   101   102   103   104   105   106
securisation routeur cisco
CCNASv1.1 Chp02 Lab-A Secure-Routers Student 2, MODULE 18 Configuration dun Routeur, UML SerieTDn02
13.Ping
1ère exemple :
Exigences

À l'exception d‟Echo Reply (type 0), Temps dépassé (type 11), et Destination unreachable (type 3), le filtre d'entrée permet de bloquer tous les messages ICMP.

Procédures



Examen du principe configuration des routeurs Cisco pour assurer que les blocs ACL pénétration tous les types de trafic entrant message ICMP à l'exception de Echo Reply (type 0),Temps dépassé(type 11), et Destination unreachable (type 3).

interface FastEthernet 0/0


description to NIPRNet core router

ip address 199.36.92.1 255.255.255.252 ip access-group 100 in

access-list 100 permit icmp any any echo-reply

access-list 100 permit icmp any any time-exceeded access-list 100 permit icmp any any unreachable access-list 100 deny icmp any any log

Note: The above ACL could also look similar to the following using the icmp type codes instead of the icmp message type:

access-list 100 permit icmp any any 0


access-list 100 permit icmp any any 11
access-list 100 permit icmp any any 3
access-list 100 deny icmp any any log


Download 1.87 Mb.

Share with your friends:
1   ...   98   99   100   101   102   103   104   105   106



The database is protected by copyright ©ininet.org 2024
send message
    Main page
Guide
Instructions
Report
Request
Review