Network Security Services
Cisco Router Configuration
1USA Security Services can configure Cisco routers for:
• T1 connectivity (both frame relay and point-to-point)
• BGP to upstream providers, peers, and internally where needed
• EIGRP (cisco-proprietary internal routing protocol)
• Load-balancing of traffic toward upstream providers, both BGP and non-BGP
environments
• Load-balancing of inbound traffic in multihomed BGP environments, where
feasible
• Stateless firewalling using Cisco router extended access lists
1USA Security Services can troubleshoot Cisco router based networks for:
• Routing loops
• Nonrouting local netblocks
• Nonrouting internet-located netblocks
• Route propogation problems
| Your Perimeter router *should* block local and private addresses from the 'outside'. This includes 127.0.0.0/8, 10.0.0.0/16 and so on. These are all addresses that are used *inside* a network, are private, and should *never* come in from the outside. Likewise, you usually block your own netblocks coming IN from the outside world as well. It is possible to forge any address in a packet, however 99% of the time it isn't useful to do so - except as a cover for something else. Faking an address means that the responses TO that forged packet normally goes back to the faked address, not the faker's. |