From: Jared Scrivener (jscrivener@ipexpert.com)
Date: Thu Jan 29 2009 - 14:21:35 ARST
Hey Gaurav,

For what you want to achieve I'd suggest the following:

ip inspect name CBAC udp
access-list 101 deny ip any any
int f0/0.52
 ip inspect CBAC out
 ip access-group 101 in

For CBAC to function it creates a list of traffic flows that are allowed to
bypass the access-list for return traffic. If there is no ACL then all
traffic gets back in.

Cheers,
Jared Scrivener CCIE3 #16983 (R&S, Security, SP), CISSP
Technical Instructor - IPexpert, Inc.
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
Mailto: jscrivener@ipexpert.com
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
GAURAV MADAN
Sent: Thursday, 29 January 2009 11:05 AM
To: Cisco certification
Subject: CBAC : never work for me :(
Hi Friends,

CBAC is one gray area that I don't understand at all. Please help me by
pointing out where I am wrong.

R5 192.10.1.5 f0/0.52 ============= 192.10.1.254 BB

I want traffic from outside to come into my network if and only if initiated
from inside my network.

First I configured:

ip inspect name CBAC udp
int f0/0.52
 ip inspect CBAC out

I expect that all my TCP sessions to BB (like BGP) will fail. Also, I
expect ping to BB will fail, etc. (because I have permitted only UDP).
The rest of the policies I will apply later. But here it is only my
understanding that is failing. I am able to ping BB, and TCP sessions are up.

Also, please clarify the direction of this.

Thanks in advance,
Gaurav Madan
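
The interaction discussed in this thread (an outbound inspection rule that names only udp, with and without a deny-all ACL applied inbound on the same interface) can be modelled in a few lines. This is an added example, not code from either poster or from Cisco; it models through traffic on a single interface only, ignores timeouts, and the inside host address 10.0.0.10 and the port numbers are constructed.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    proto: str   # "udp", "tcp" or "icmp"
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class Interface:
    """One interface: an optional 'ip inspect NAME out' rule and an optional inbound ACL."""
    inspected: frozenset = frozenset()   # protocols named in the inspection rule
    inbound_deny_all: bool = False       # True models 'deny ip any any' applied inbound
    sessions: set = field(default_factory=set)

    def send_out(self, p: Packet) -> None:
        # Inspection on egress records the flow so that its mirror image may return.
        if p.proto in self.inspected:
            self.sessions.add((p.proto, p.dst, p.dport, p.src, p.sport))

    def receive_in(self, p: Packet) -> bool:
        # Without an inbound ACL nothing is filtered, inspected or not.
        if not self.inbound_deny_all:
            return True
        # With the ACL, only the mirror of a recorded session bypasses the deny.
        return (p.proto, p.src, p.sport, p.dst, p.dport) in self.sessions

def run(inbound_deny_all: bool) -> dict:
    """Send one UDP and one TCP flow out, then test four inbound packets."""
    intf = Interface(frozenset({"udp"}), inbound_deny_all)
    inside, bb = "10.0.0.10", "192.10.1.254"   # inside host is a constructed address
    intf.send_out(Packet("udp", inside, 5000, bb, 53))
    intf.send_out(Packet("tcp", inside, 6000, bb, 179))
    return {
        "udp_reply": intf.receive_in(Packet("udp", bb, 53, inside, 5000)),
        "udp_unsolicited": intf.receive_in(Packet("udp", bb, 53, inside, 5001)),
        "tcp_reply": intf.receive_in(Packet("tcp", bb, 179, inside, 6000)),
        "icmp_echo_reply": intf.receive_in(Packet("icmp", bb, 0, inside, 0)),
    }

if __name__ == "__main__":
    for acl in (False, True):
        print("inbound deny-all ACL:", acl, run(acl))
```

On a router, `show ip inspect sessions` and `show access-lists 101` show the corresponding session entries and ACL hit counts.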