Lab Setup

  • Make the connection as per the topology.
  • Use the IP addressing chart below to assign IP address to the routers.
  • Make sure all three routers are configured with RIPv2. And can ping each other.

IP Addressing Schema

Router

Interface

IP Address

R1

F0/0

100.1.12.1/24

F0/1

100.1.13.1/24

R2

F0/0

100.1.12.2/24

R3

F0/1

100.1.13.3/24

Lab Objective

Configure R1 to perform a generic TCP, UDP and ICMP inspection. Make sure that only the traffic that was initiated from inside is allowed back in. You should also allow the appropriate traffic through.

R1 Configuration

R1(config)#access-list 100 permit udp any any eq 520 (This ACL permits the UDP traffic of RIP)

R1(config)#access-list 100 deny ip any any log (Deny to generated log of UDP-RIP Traffic)

R1(config)#ip inspect name FW tcp (Inspect the tcp traffic) R1(config)#ip inspect name FW udp (Inspect the udp traffic) R1(config)#ip inspect name FW icmp (Inspect the icmp traffic)

R1(config)#int fa 0/0

R1(config-if)#ip access-group 100 in (Apply the ACL to interface)

R1(config-if)#ip inspect FW out (Apply the Inspection rule to interface)

Verification

  • To see the sessions, Telnet from R3 to R1, After telnet  type the below mentioned command you will see the output ,  Once telnet session terminate , established sessions will gone.

R1#show ip inspect sessions

Setup of IPS on a Cisco Firewall Router Fig 2

 

  • When you trying to telnet from R2 (which is our outside network) you will get some log messages on R1, which looks like below.

Setup of IPS on a Cisco Firewall Router Fig 3

 

And on R2 you will get the below messages.

Setup of IPS on a Cisco Firewall Router Fig 4

  • To see the inspection configuration with this below mentioned command.

R1#show ip inspect config

Setup of IPS on a Cisco Firewall Router Fig 5

 

  • To see, where the inspection rule is applied use below mentioned command show ip inspect interfaces.

Setup of IPS on a Cisco Firewall Router Fig 6