From: Guyler, Rik (rguyler@shp-dayton.org)
Date: Thu Jun 02 2005 - 09:01:28 GMT-3
Thanks for your reply Bob...that helps me keep the logic straight - ACL
inbound with inspect outbound.  I'll take your suggestion and get Richard's
book although I think I'll just save up for it.  ;-}
 
Rik
From: Bob Sinclair [mailto:bsin@cox.net] 
Sent: Wednesday, June 01, 2005 5:08 PM
To: Guyler, Rik; ccielab@groupstudy.com
Subject: Re: IP Inspect
Rik,
 
Lots of options, but the basic story is this:
 
1.  Create and apply an extended access-list inbound the outside (public)
interface.  CBAC will open up holes in this access-list for return,
inspected traffic.
        example:
            access-list 101 deny ip any any
            int s0/0
                ip access-group 101 in
 
2.  Create a named inspection rule.  This will define what traffic CBAC
should inspect.
        example:
            ip inspect name TEST tcp
            ip inspect name TEST udp
            ip inspect name TEST icmp
 
3.  Apply the inspection rule outbound the outside (public) interface.
        example:
            int s0/0
                ip inspect TEST out
 
If you do not have Richard Deal's Cisco Router Firewall Security, then you
should sell something and get it. :}
ISBN:  1-58705-175-3
 
HTH,
 
Bob Sinclair
CCIE #10427, CCSI 30427, CISSP
www.netmasterclass.net
----- Original Message ----- 
From: Guyler, Rik <rguyler@shp-dayton.org>
To: ccielab@groupstudy.com
Sent: Wednesday, June 01, 2005 2:56 PM
Subject: IP Inspect
I'm having a little trouble following the logic for "ip inspect" statements.
As I understand it you apply these to a public interface and the inspection
tracks sessions between hosts to allow for temporary access.  That said, the
part that is a bit gray for me is the ACL that the docs mention and what
direction the inspect should go.  Should I create an ACL that basically
denies everything and then let the inspect handle what goes out?  Should I
also be inspecting traffic coming in?  I think I'm too PIX-concentric to
understand the logic here.
If anybody can explain this to me or provide a link that explains it better
than CCO, that would be great.
Thanks in advance,
--- Rik
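To make the "ACL inbound with inspect outbound" logic from Bob's three steps concrete, here is a toy Python model added to this thread (not IOS code and not from the list): a static deny-all ACL on the inbound side of the outside interface, and an inspection rule on the outbound side that records sessions so only their return traffic gets a temporary hole. The class names, addresses, ports and the idle timeout are constructed, and checking dynamic entries before the static ACL is a simplification of what CBAC does.

```python
# Toy model of CBAC on the outside interface (added illustration, not IOS code):
# 'access-list 101 deny ip any any' applied 'in', 'ip inspect TEST out' applied
# 'out'. Addresses, ports and the idle timeout below are constructed values.
from dataclasses import dataclass, field

DENY_ALL = "drop (access-list 101 deny ip any any)"
DYNAMIC = "forward (dynamic CBAC entry)"

@dataclass(frozen=True)
class Packet:
    proto: str   # 'tcp', 'udp' or 'icmp', as named in 'ip inspect name TEST ...'
    src: str
    sport: int   # use 0 for icmp, which has no ports
    dst: str
    dport: int

@dataclass
class CbacRouter:
    inspected: frozenset                          # protocols listed in the rule
    idle_timeout: int = 30                        # seconds an entry lives idle
    sessions: dict = field(default_factory=dict)  # expected-reply tuple -> expiry

    def outbound(self, pkt: Packet, now: int) -> str:
        """'ip inspect TEST out' on s0/0: outbound traffic is forwarded (there is
        no outbound ACL in Bob's example); inspected protocols get a session."""
        if pkt.proto in self.inspected:
            reply = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
            self.sessions[reply] = now + self.idle_timeout
        return "forward"

    def inbound(self, pkt: Packet, now: int) -> str:
        """'ip access-group 101 in' on s0/0: dynamic entries are consulted first,
        so return traffic passes; anything unsolicited hits the deny."""
        self.sessions = {k: t for k, t in self.sessions.items() if t > now}
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.sessions:
            self.sessions[key] = now + self.idle_timeout   # refresh on activity
            return DYNAMIC
        return DENY_ALL

def demo() -> list:
    """Constructed traffic: web session out, its reply, an unsolicited SSH
    probe, then the same reply again after the entry has idled out."""
    r = CbacRouter(frozenset({"tcp", "udp", "icmp"}))
    out = Packet("tcp", "10.1.1.5", 40000, "203.0.113.10", 80)
    back = Packet("tcp", "203.0.113.10", 80, "10.1.1.5", 40000)
    probe = Packet("tcp", "198.51.100.7", 12345, "10.1.1.5", 22)
    return [r.outbound(out, 0), r.inbound(back, 5), r.inbound(probe, 5),
            r.inbound(back, 100)]
```

demo() returns the four forwarding decisions in order; a protocol left out of the inspection rule (step 2) gets no return hole at all, which is why its replies also land on the deny.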
This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:40 GMT-3