Re: CBAC question

From: Kal Han (calikali2006@gmail.com)
Date: Wed Nov 15 2006 - 22:41:39 ART

• Next message: Michael Zuo: "VTP issue with IEWB-RS version 4 sample lab"
• Previous message: Kal Han: "Re: Unable to get the RA certificates on IOS"
• Maybe in reply to: secondie: "CBAC question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From what I know,
with respect to inspection and allowing the return traffic,
I think both will do the same thing.
in your case, applying cbac on the inside interface in the
inbound direction or on the outside interface in the outbound
direction.
I dont know if doing one way is better than the other ( tho
that will depend on want you are trying to inspect/permit/deny )

One more think I can think of is, the traffic originating from
same router. that might be affected by where you are going
to have your cbac inspection.
( can you please forward me any unicast replies ? )

Thanks
Kal

On 11/15/06, secondie <secondie@gmail.com> wrote:
>
> I have a router with outside ethernet and inside ethernet. I apply acl
> to outside interface in the inbound direction, that is clear to me.
> On what interface the CBAC should be applied? Inside interface in the
> inbound direction OR outside interface in the outbound direction?
>
> TIA
> -secondie

• Next message: Michael Zuo: "VTP issue with IEWB-RS version 4 sample lab"
• Previous message: Kal Han: "Re: Unable to get the RA certificates on IOS"
• Maybe in reply to: secondie: "CBAC question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:47 ART