RE: Reflexive AL and CBAC

From: Paul Borghese (pborghese@groupstudy.com)
Date: Fri Oct 18 2002 - 00:35:47 GMT-3


Reflexive access lists do not have application layer proxy technology.
So you will be unable to use protocols that do not "behave" well.

For example Active FTP uses port 21 as the control port and port 20 to
send data. This will confuse reflexive access-lists and requires an
application layer proxy. CBAC has an application proxy for Active FTP
along with CU-SEE-ME, VDO Live, H.323, Real Audio and others.

You may also filter Java applets and protect e-mail servers with a form
of Mail Guard. CBAC also had better auditing and alert capabilities.

I wrote an article about CBAC in the May issue of Cisco World Magazine
if you have a copy lying around.

Hope this helps!

Paul Borghese

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Sam.MicroGate@usa.telekom.de
Sent: Thursday, October 17, 2002 9:36 AM
To: ccielab@groupstudy.com
Subject: Reflexive AL and CBAC

Hello everyone,

Can someone tell the main difference between the reflexive access list and
class based access control? They seem very similar to me. The same use and
the concept. They both filter traffic at the edge of the network. Only
traffic that originated from the inside will pass to the outside unless you
configure otherwise. Thanks.

Sam
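
The Active FTP case from the reply above, as an added example that is not part of the original thread: a simplified Python model of an edge filter that only mirrors outbound flows (the reflexive access-list behaviour) next to one that also reads the FTP `PORT` command on the control channel. The class, function names and addresses are constructed for illustration; timeouts and TCP state tracking are left out.

```python
"""Constructed model: mirror-only filtering vs. FTP-aware inspection on active FTP."""

def reverse(flow):
    src, sport, dst, dport = flow
    return (dst, dport, src, sport)

def parse_port(payload):
    """Return (ip, port) from an FTP 'PORT h1,h2,h3,h4,p1,p2' command, else None."""
    parts = payload.strip().split()
    if len(parts) != 2 or parts[0].upper() != "PORT":
        return None
    nums = parts[1].split(",")
    if len(nums) != 6 or not all(n.isdigit() and int(n) < 256 for n in nums):
        return None
    n = [int(x) for x in nums]
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

class EdgeFilter:
    def __init__(self, inspect_ftp):
        self.inspect_ftp = inspect_ftp
        self.allowed_in = set()  # inbound flows currently permitted

    def outbound(self, flow, payload=""):
        # Mirror entry for return traffic: all a reflexive access list creates.
        self.allowed_in.add(reverse(flow))
        if self.inspect_ftp and flow[3] == 21:
            target = parse_port(payload)
            # Choice made in this model: open the data pinhole only toward
            # the client that sent the command, from the server's port 20.
            if target and target[0] == flow[0]:
                self.allowed_in.add((flow[2], 20, target[0], target[1]))

    def inbound(self, flow):
        return flow in self.allowed_in

def active_ftp_session(fw):
    client, server = "10.0.0.5", "192.0.2.10"  # constructed addresses
    ctrl = (client, 40000, server, 21)
    fw.outbound(ctrl, "USER anonymous")
    fw.outbound(ctrl, "PORT 10,0,0,5,156,65")  # 156*256 + 65 = 40001
    return {
        "control_reply": fw.inbound(reverse(ctrl)),
        "data_connection": fw.inbound((server, 20, client, 40001)),
    }

if __name__ == "__main__":
    print("mirror only :", active_ftp_session(EdgeFilter(inspect_ftp=False)))
    print("FTP-aware   :", active_ftp_session(EdgeFilter(inspect_ftp=True)))
```

In the mirror-only run the control reply passes but the server's data connection from port 20 is dropped, because no outbound packet ever used that port pair.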



This archive was generated by hypermail 2.1.4 : Tue Nov 05 2002 - 08:35:50 GMT-3