3.2.2 Set inbound 'ip access-group' on the External Interface

Information

This command places the router in access-list configuration mode, where you must define the denied or permitted access conditions by using the deny and permit commands.

Solution

Apply the access-group for the external (untrusted) interface
hostname(config)#interface {external_interface}
hostname(config-if)#ip access-group {name | number} in

See Also

https://workbench.cisecurity.org/files/508

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(11)

Plugin: Cisco

Control ID: 90701bd68f84bc14fb014edf0ed0eea85b110e9f8e641619da7bc403615b7224