1. Home
  2. Networking
  3. Router firewall security

Chapter 13. Lock-and-Key Access Lists

One issue that you probably will have to face is allowing your users to access your network remotely, typically through a public network such as the Internet. In most situations, you will use a Virtual Private Network (VPN) to provide for the connectivity. VPNs are discussed in Part VIII, "Virtual Private Networks." However, one limitation that VPNs have is that, after users are connected through a secure connection to your network, they have free reign over internal resources. You could implement an ACL to restrict their traffic, but this ACL applies to all users accessing a resource.

Some mechanism is needed to authenticate users and restrict what resources they can access. Cisco has two solutions to this problem:

  • Lock-and-key ACLs

  • Authentication proxy

This chapter focuses on lock-and-key ACLs; the next chapter focuses on authentication proxy.



    		Part I: Security Overview and Firewalls
    		Part II: Managing Access to Routers
    		Part III: Nonstateful Filtering Technologies
    		Part IV: Stateful and Advanced Filtering Technologies
    		Part V: Address Translation and Firewalls
    		Part VI: Managing Access Through Routers
    		Chapter 13. Lock-and-Key Access Lists
    		Lock-and-Key Overview
    		Lock-and-Key Configuration
    		Lock-and-Key Example
    		Summary
    		Chapter 14. Authentication Proxy
    		Chapter 15. Routing Protocol Protection
    		Part VII: Detecting and Preventing Attacks
    		Part VIII: Virtual Private Networks
    		Part IX: Case Study