Re: BGP Reflective ACL

From: Cagri Yucel (cyucel@gmail.com)
Date: Tue Oct 03 2006 - 03:33:28 ART


Not really ;)

The problem is that the BGP connection might be initiated from both sides so
the source port of 179 should be allowed in both directions.

Hope this helps.

On 10/3/06, uyota oyearone <spycharlies@hotmail.com> wrote:
>
> Hey guys,
>
> I am really not a security expert, but I am trying to understand the
> differences between these two commands; they seem to be doing
> the same thing for me
>
> ip access-list extended INBOUND
> permit tcp host 10.10.10.254 eq 179 host 10.10.10.1 gt 1024
>
> AND
>
> ip access-list extended INBOUND
> permit tcp host 10.10.10.254 host 10.10.10.1 eq bgp
> permit tcp host 10.10.10.254 eq bgp host 10.10.10.1
>
> thanks
>
> Uyota
>
> -- Uyota Oyearone,CCNA,MCDBA,MCSE(Messaging/Security)
> IT Consultant (Freelance)
> Computer Integrated Solutions
> 35 Fountainhead rd,Unit 617
> Downsview, ON, Canada.
> Tel:(416) 3177045, 7414119
> uyota@hotmail.com
> Network Architecture  Technology Consultants Technical Support  Sales
> & Repair
>

--
-cagri
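
The difference between the two ACLs in the question, as an added example that is not part of the original thread: a small first-match evaluator run against one inbound packet for each direction of session initiation. The Python names, the rule encoding and the ephemeral port 33000 are assumptions made for illustration.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

BGP = 179
PEER, LOCAL = "10.10.10.254", "10.10.10.1"

# Each entry: (src host, src port test, dst host, dst port test); None = any port.
# Port tests are ("eq", n) or ("gt", n), mirroring the IOS keywords in the post.
ACL_SINGLE = [
    (PEER, ("eq", BGP), LOCAL, ("gt", 1024)),
]
ACL_PAIR = [
    (PEER, None, LOCAL, ("eq", BGP)),
    (PEER, ("eq", BGP), LOCAL, None),
]

def port_ok(test, port):
    if test is None:
        return True
    op, n = test
    return port == n if op == "eq" else port > n

def permitted(acl, pkt):
    """First-match evaluation; anything unmatched hits the implicit deny."""
    for src, stest, dst, dtest in acl:
        if (pkt.src == src and pkt.dst == dst
                and port_ok(stest, pkt.sport) and port_ok(dtest, pkt.dport)):
            return True
    return False

# Constructed sample packets arriving inbound at 10.10.10.1 from the peer.
PEER_INITIATES = Packet(PEER, 33000, LOCAL, BGP)  # peer opens the session to port 179
PEER_REPLIES = Packet(PEER, BGP, LOCAL, 33000)    # peer answers a session LOCAL opened

def summary(acl):
    return {"peer_initiates": permitted(acl, PEER_INITIATES),
            "peer_replies": permitted(acl, PEER_REPLIES)}

if __name__ == "__main__":
    print("single entry:", summary(ACL_SINGLE))
    print("two entries: ", summary(ACL_PAIR))
```

The single-entry ACL only passes the peer's replies, so the session comes up only when 10.10.10.1 is the side that opens it; the two-entry ACL passes both cases.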

