Questions

Cisco 851 Newbie - "Firewall Wizard" configuration errors

+
0 Votes
Locked

Cisco 851 Newbie - "Firewall Wizard" configuration errors

latekhed
Hi There,

I've just purchased a Cisco 851 Router to (hopefully) replace a netgear that is giving me issues. Problem is, I can't seem to configure even a basic firewall without the router giving me errors.

Basically I'm configuring the router to act as internet router / dhcp server / port filtering for my web and email servers. My services are currently up and running with the old Netgear so I'm basically trying to configure the 851 through a crossover cable to the laptop.

After defaulting the router and trying to do a "Wizard" configuration, I get funny errors in the Command Delivery Status window like "class-map type inspect match-any sdm-cls-insp-traffic" and a host of others. The window tells me that I have an "Error detected at this command. Click OK" with no indication as to what may cause this and where the errors lie. Most of the time it seems when I try to configure a firewall (even a BASIC firewall at LOW SECURITY), that's when the errors pop up.

My second issue seems to be with DHCP. I'm trying to reserve a basic IP address scheme so that my laptop (and eventually the other servers in the network) pick up the same IP. So far, the laptop picks up the first lease, not the one I've assigned to it.

Anyone else had similar issues? I'm just about to return this thing (or drive over it very fast several times) and pick up another mfr's router. 20 + hours to "attempt" to configure without success. I'm not really up on IOS so I'm trying to use the GUI to configure this thing.

Any help would be appreciated. Tech support won't talk to me because I haven't purchased a "Support agreement" (isn't that the same as a warranty?)

Thx.
+
0 Votes
alex

Did you manage to fix the problem?

+
0 Votes
latekhed

Hi... Yes I did fix the issue. The Cisco SDM assumes that the router has zone-based firewall capability. It doesn't - you have to use the IOS commands to manually enter in a command so that SDM properly configures itself for a Context-Based firewall, which the 851 supports.

Here is the commands to tell SDM that the router supports Context-based rather than Zone Based firewall.

> Router(config)#ip inspect name fw tcp
> Router(config)#interface FastEthernet 4
> Router(config-if)#ip inspect fw out
> Router(config-if)#


Enter those in, then refresh SDM, and you should be able to configure your firewall rules from there.

Cheers!

+
0 Votes
matiasbeller

Hey, thats great info.
Yesterday i spent about 6 hours trying to make the firewall work without success. I?ll try again tomorrow with this help.
Do yo know how to block services to specific lan users? for example http o IM.
Thanks!