RVS4000 Firewall

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by rafter81, Apr 28, 2008.

  1. rafter81

    rafter81 Guest

    This is the problem I'm having:

    I'm self-admittedly over concerned about firewalling off my internal network, and I'm having trouble getting the IP Based ACL functions to work the way I think they should work.

    Normally, the first rule I add is to turn off everything (Source ANY, Destination ANY, all protocols). I then allow the LAN to have access to HTTP, HTTPS, SMTP, POP3, NTP, and DNS. This is sufficient for most email and web browsing. As applications come up that I need, I open up those ports. The list above works fine for an old D-Link router I've been using.

    When I take the same approach with the RVS4000, I can't seem to get access to the WAN from the LAN. In the scenario below, I've disabled rule #7 in order to get it to work. I've tried the rule #7 source to be either ANY or just the WAN, but in both cases, as soon as I enable rule #7, I'm unable to access the WAN from the LAN. This doesn't make sense to me - especially in the case shown below where all I'm doing is disabling WAN access to the LAN.

    Would love some help.

  2. swinokur

    swinokur LI Guru Member

    RVS 4000 Firewall

    I think you may have blocked all traffic coming to the WAN port even if it originated from the LAN side. Try making rule 7 rule number 1 and then make rule 1 rule 7. I think in the Cisco world you block everything first and then open ports as needed. Your list allows what you want but the last rule may block everything you allowed. What may be happening is legitimate traffic that originated on the LAN side is now being blocked on its return because you said in rule 7 to block everything on the WAN side.

    Just a guess on my part.

  3. Toxic

    Toxic Administrator Staff Member

    FYI there is a known issue with the RVS4000 IP-based ACLs and I have been told that a fix will be issued on the next firmware update. (No time scale for when, however.)

  4. sdsm

    sdsm Guest

    I had the same problem but after some testing I saw your problem. You were blocking all traffic from the WAN. In #7, just change it to LAN and not WAN and it should work. swinokur did have a nice idea but that will not work for this router. The following pic is of my router's ACLs. The first line is allowing HTTP and then you would also do all of the other protocols that you want enabled. The last thing you do is deny anything else from the LAN. Mine denies all of this from a certain host (my wireless that I let my friends use).

    The only problem that I have is when I use these ACLs it does allow the internet but I cannot see any pictures or any videos. I looked in the log and I saw that the images and vids try to use other udp ports.
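Added example, not from the thread or from Cisco: a small stateless first-match ACL simulator that plays out swinokur's explanation and sdsm's fix. It assumes the ACL is evaluated per packet without connection tracking, uses made-up interface names and an arbitrary client port, and a default of "allow" when no rule matches.

```python
# Constructed first-match ACL simulator (added example, not the router's own code).
# Models why a trailing "deny everything from WAN" rule breaks LAN-originated
# sessions, while "deny everything else from LAN" keeps the replies flowing.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    src_if: str              # "LAN", "WAN" or "ANY"
    proto: str               # "tcp", "udp" or "any"
    dst_port: Optional[int]  # None matches every destination port

@dataclass(frozen=True)
class Packet:
    src_if: str
    proto: str
    dst_port: int

def evaluate(acl, pkt, default="allow"):
    """First matching rule wins; if nothing matches, fall back to the default."""
    for rule in acl:
        if (rule.src_if in ("ANY", pkt.src_if)
                and rule.proto in ("any", pkt.proto)
                and rule.dst_port in (None, pkt.dst_port)):
            return rule.action
    return default

def session_verdict(acl, server_port, client_port=51234):
    """A LAN client talks to a WAN server. The request has the server port as
    destination; the reply arrives from WAN with the client's ephemeral port as
    destination. Both directions are judged statelessly (constructed assumption)."""
    request = Packet("LAN", "tcp", server_port)
    reply = Packet("WAN", "tcp", client_port)
    return evaluate(acl, request), evaluate(acl, reply)

ALLOW_WEB = [Rule("allow", "LAN", "tcp", 80), Rule("allow", "LAN", "tcp", 443)]

# rafter81's layout: allows first, then rule 7 denies everything sourced from WAN.
ACL_DENY_WAN = ALLOW_WEB + [Rule("deny", "WAN", "any", None)]
# sdsm's fix: same allows, last rule denies everything else sourced from LAN.
ACL_DENY_LAN = ALLOW_WEB + [Rule("deny", "LAN", "any", None)]

if __name__ == "__main__":
    for name, acl in (("deny-from-WAN", ACL_DENY_WAN), ("deny-from-LAN", ACL_DENY_LAN)):
        print(name, "HTTP request/reply:", session_verdict(acl, 80))
        print(name, "port 445 request/reply:", session_verdict(acl, 445))
```

Under this model the deny-from-WAN layout never restricts outbound traffic at all; it only drops every reply, which is exactly the "no WAN access" symptom.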
