This is a short example on how to configure CBAC(Context Based Access Control) in IOS.
CBAC allows to configure stateful firewalling without using excessive ACLs.
#1 configure protocols, which we want to inspect
ip inspect name outside tcp
ip inspect name outside udp
ip inspect name outside icmp
ip inspect name outside ftp
#2 configure ACL for outside interface to block all traffic from the Internet
ip access-list extended inside
deny ip any any
#3 configure outside interface
int fa0/0
description out
ip access-group inside in
ip inpsect outside out
ip address 1.1.1.1 255.255.255.0
ip nat outside
#4 configure inside interface
int fa0/1
description inside
ip address 192.168.0.1 255.255.255.0
ip nat inside
CBAC allows to configure stateful firewalling without using excessive ACLs.
#1 configure protocols, which we want to inspect
ip inspect name outside tcp
ip inspect name outside udp
ip inspect name outside icmp
ip inspect name outside ftp
#2 configure ACL for outside interface to block all traffic from the Internet
ip access-list extended inside
deny ip any any
#3 configure outside interface
int fa0/0
description out
ip access-group inside in
ip inpsect outside out
ip address 1.1.1.1 255.255.255.0
ip nat outside
#4 configure inside interface
int fa0/1
description inside
ip address 192.168.0.1 255.255.255.0
ip nat inside
