STIGQter: STIG Summary: Cisco IOS Router RTR Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020: STIGQter: STIG Summary: Cisco IOS Router RTR Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:SV-216577r531085_rule
V-216577
SRG-NET-000019-RTR-000009
CISC-RT-000290
CAT I
10
This requirement is not applicable for the DODIN Backbone.
Remove any BGP neighbors belonging to the alternate gateway service provider and configure a static route to forward Internet bound traffic to the alternate gateway as shown in the example below.
R5(config)#ip route 0.0.0.0 0.0.0.0 x.22.1.14
This requirement is not applicable for the DODIN Backbone.
Review the router configuration and verify that it is not BGP peering with an alternate gateway service provider.
Step 1: Determine the ip address of the ISP router
interface GigabitEthernet0/2
description Link to ISP
ip address x.22.1.15 255.255.255.240
Step 2: Verify that the router is not BGP peering with this router.
router bgp nn
no synchronization
bgp log-neighbor-changes
neighbor x.11.1.7 remote-as nn
neighbor x.11.1.7 password xxxxxxx
no auto-summary
In the example above, the router is not peering with the ISP.
If the router is BGP peering with an alternate gateway service provider, this is a finding.
V-216577
False
CISC-RT-000290
This requirement is not applicable for the DODIN Backbone.
Review the router configuration and verify that it is not BGP peering with an alternate gateway service provider.
Step 1: Determine the ip address of the ISP router
interface GigabitEthernet0/2
description Link to ISP
ip address x.22.1.15 255.255.255.240
Step 2: Verify that the router is not BGP peering with this router.
router bgp nn
no synchronization
bgp log-neighbor-changes
neighbor x.11.1.7 remote-as nn
neighbor x.11.1.7 password xxxxxxx
no auto-summary
In the example above, the router is not peering with the ISP.
If the router is BGP peering with an alternate gateway service provider, this is a finding.
M
4027