Re: BGP Reflective ACL

From: Alexei Monastyrnyi (alexeim@orcsoftware.com)
Date: Tue Oct 03 2006 - 05:48:15 ART


Heya.

If I remember right, a neighbor with the lower IP address will start
negotiating the TCP session first.

The way it is used really depends on what the rest of your reflexive ACL
is. You might end up triggering the reflexive part of the ACL with routing
protocol traffic. Make sure you are allowed to do so.

A.

uyota oyearone wrote:
> hey Guys
>
> I'm really not a security expert, but I'm trying to understand the
> differences between these two commands; they seem to be doing
> the same thing for me
>
> ip access-list extended INBOUND
> permit tcp host 10.10.10.254 eq 179 host 10.10.10.1 gt 1024
>
> AND
>
> ip access-list extended INBOUND
> permit tcp host 10.10.10.254 host 10.10.10.1 eq bgp
> permit tcp host 10.10.10.254 eq bgp host 10.10.10.1
>
> thanks
>
> Uyota
>
> -- Uyota Oyearone,CCNA,MCDBA,MCSE(Messaging/Security)
> IT Consultant (Freelance)
> Computer Integrated Solutions
> 35 Fountainhead rd,Unit 617
> Downsview, ON, Canada.
> Tel:(416) 3177045, 7414119
> uyota@hotmail.com
> Network Architecture  Technology Consultants Technical Support  Sales
> & Repair



This archive was generated by hypermail 2.1.4 : Wed Nov 01 2006 - 07:29:04 ART
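
The two ACL variants quoted in the question above, modelled as an added example (not code from the thread or from Cisco) to show which inbound BGP packets each one permits. It assumes the ACL is applied inbound on the router that owns 10.10.10.1; the packet names and the ephemeral port 33000 are constructed for illustration.

```python
# Added example: minimal model of extended-ACL TCP matching, first match wins,
# implicit deny at the end. Only the host/port forms used in the thread are modelled.
from dataclasses import dataclass
from typing import Callable, Optional

BGP = 179
PEER, LOCAL = "10.10.10.254", "10.10.10.1"

def eq(port): return lambda p: p == port   # "eq <port>"
def gt(port): return lambda p: p > port    # "gt <port>"

@dataclass(frozen=True)
class Ace:
    src: str
    dst: str
    sport: Optional[Callable[[int], bool]] = None  # None = any source port
    dport: Optional[Callable[[int], bool]] = None  # None = any destination port

    def matches(self, src, sport, dst, dport):
        return (src == self.src and dst == self.dst
                and (self.sport is None or self.sport(sport))
                and (self.dport is None or self.dport(dport)))

# permit tcp host 10.10.10.254 eq 179 host 10.10.10.1 gt 1024
ACL_FIRST = [Ace(PEER, LOCAL, sport=eq(BGP), dport=gt(1024))]

# permit tcp host 10.10.10.254 host 10.10.10.1 eq bgp
# permit tcp host 10.10.10.254 eq bgp host 10.10.10.1
ACL_SECOND = [Ace(PEER, LOCAL, dport=eq(BGP)),
              Ace(PEER, LOCAL, sport=eq(BGP))]

def permitted(acl, src, sport, dst, dport):
    return any(ace.matches(src, sport, dst, dport) for ace in acl)

# Constructed inbound packets: (src, sport, dst, dport)
PACKETS = {
    # 10.10.10.1 opened the session; the peer answers from port 179
    "peer_answers_local_open": (PEER, BGP, LOCAL, 33000),
    # the peer opens the session towards port 179 on 10.10.10.1
    "peer_opens_to_179": (PEER, 33000, LOCAL, BGP),
    # source port 179 but a low destination port on 10.10.10.1
    "peer_src179_to_port23": (PEER, BGP, LOCAL, 23),
}

def compare():
    """Return {packet name: (permitted by first ACL, permitted by second ACL)}."""
    return {name: (permitted(ACL_FIRST, *pkt), permitted(ACL_SECOND, *pkt))
            for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:26} first={result[0]!s:5} second={result[1]}")
```

The first ACL only passes return traffic for a session that 10.10.10.1 opened, while the second also accepts a session opened by the peer and, because its second line has no destination-port match, anything the peer sends from source port 179.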