RE: Reflexive ACL v/s Established key ACL

From: OhioHondo (ohiohondo@columbus.rr.com)
Date: Wed Apr 30 2003 - 15:26:26 GMT-3


Christian

It is my understanding that the Reflexive ACL only exists as long as it is
in use. That gives more protection from outside intrusion than the extended
ACL with the "established" keyword.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Cristian Henry
Sent: Wednesday, April 30, 2003 10:54 AM
To: ccielab@groupstudy.com
Subject: Reflexive ACL v/s Established key ACL

Just to test if I got a correct understanding about it.
Are the following configurations the same? Thanks for your valuable opinion.

Config 1:
interface ethernet0
 ip access-group 102 in
!
access-list 102 permit tcp any any gt 1023 established

Config 2:

interface ethernet0
 ip access-group inboundfilters in
 ip access-group outboundfilters out
!
ip access-list extended outboundfilters
 permit tcp any any reflect tcptraffic
!
ip access-list extended inboundfilters
 evaluate tcptraffic
!
ip reflexive-list timeout 120

--
Cristian E. Henry
REUNA

