Cisco VPN 3000, Руководство пользователя

Страница: 260 / 502

13
Policy Management
13-10 VPN 3000 Concentrator Series User Guide
For all the default rules except VRRP In and Out , these parameters are identical:
Action = Forward
Source Address = Use IP Address/Wildcard-Mask =
0.0.0.0/255.255.255.255
= any address
Destination Address = Use IP Address/Wildcard-Mask =
0.0.0.0/255.255.255.255
= any address
For maximum security and control, we recommend that you change the Source Address and Destination
Address to fit your network addressing and security scheme.
Table 13-1: Cisco-supplied default filter rules
Filter Rule Name Direction Protocol TCP
Connection TCP/UDP
Source Port TCP/UDP
Destination Port ICMP
Packet
Type
Any In Inbound Any Don’t Care Range 0-65535 Range 0-65535 0-255
Any Out Outbound Any Don’t Care Range 0-65535 Range 0-65535 0-255
CRL over LDAP In Inbound TCP Don’t Care LDAP (389) Range 0-65535
CRL over LDAP Out Outbound TCP Don’t Care Range 0-65535 LDAP (389)
GRE In Inbound GRE
GRE Out Outbound GRE
ICMP In Inbound ICMP 0-18
ICMP Out Outbound ICMP 0-18
IKE In Inbound UDP Range 0-65535 IKE (500)
IKE Out Outbound UDP IKE (500) Range 0-65535
Incoming HTTP In Inbound TCP Don’t Care Range 0-65535 HTTP (80)
Incoming HTTP
Out Outbound TCP Don’t Care HTTP (80) Range 0-65535
Incoming HTTPS
In Inbound TCP Don’t Care Range 0-65535 HTTPS (443)
Incoming HTTPS
Out Outbound TCP Don’t Care HTTPS (443) Range 0-65535
IPSec-ESP In Inbound ESP
L2TP In Inbound UDP Range 0-65535 L2TP (1701)
L2TP Out Outbound UDP L2TP (1701) Range 0-65535
LDAP In Inbound TCP Don’t Care Range 0-65535 LDAP (389)
LDAP Out Outbound TCP Don’t Care LDAP (389) Range 0-65535
OSPF In Inbound OSPF
OSPF Out Outbound OSPF
Outgoing HTTP In Inbound TCP Don’t Care HTTP (80) Range 0-65535
Outgoing HTTP
Out Outbound TCP Don’t Care Range 0-65535 HTTP (80)