Re: local policy route-map w/CBAC

From: Rocco R21 (roccor21@hotmail.com)
Date: Mon Feb 26 2007 - 15:22:54 ART


permitting on the inbound and denying on the outbound. I'm setting this up
to have CBAC inspect inbound and audit telnet from the inside. A deny for
the outbound is to make CBAC inspect the return traffic destined for the
inside; however, I think since the outside interface is a loopback on the
router, the outbound ACL will not be recognized unless I use a local policy
route-map and set the interface loopback. When I try doing that it doesn't
work, so I'm thinking it's not possible w/CBAC using a loopback as an external
destination address. I will probably have to do this on the hop prior
router.

>From: "Serdar Kut" <kutserdar@gmail.com>
>To: "Rocco R21" <roccor21@hotmail.com>
>CC: ccielab@groupstudy.com
>Subject: Re: local policy route-map w/CBAC
>Date: Mon, 26 Feb 2007 09:04:28 +0200
>
>hi,
>did you check the inbound acl? maybe your return traffic is not
>permitted? hence it is not checked by cbac, you should manually permit the
>return traffic inbound.
>
>
>On 2/25/07, Rocco R21 <roccor21@hotmail.com> wrote:
>>
>>Hi all,
>>
>>Anybody ever use a local policy route-map when configuring CBAC? I've been
>>playing around in my lab and I'm setting it up as internal on an ethernet
>>interface, but by default the router will not block outbound on the ACL
>>with originated traffic. I'm trying a local policy route-map and setting the
>>interface to my loopback but no luck. I was wondering if anybody ever came
>>across this scenario?
>>
>>rr
>>
>>_______________________________________________________________________
>>Subscription information may be found at:
>>http://www.groupstudy.com/list/CCIELab.html
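The layout the thread describes, written out as an added IOS configuration example (this is not the poster's config and was not posted to the list). Interface names, addresses, ACL names and numbers, and the inspection-rule name are assumptions chosen for illustration; the local policy route-map section reproduces the attempt the poster reports as not working, so it is shown for comparison rather than as a recommended fix.

```cisco
! Added example (not from the thread): one CBAC layout matching the
! description in the messages above. Interface names, addresses, ACL
! names/numbers and the inspection-rule name are assumptions.
!
! Inspection rule: inspect TCP generically and audit Telnet sessions
! initiated from the inside.
ip inspect name FW-INSIDE tcp
ip inspect name FW-INSIDE telnet audit-trail on
!
! Outbound ACL on the inside interface: deny everything, so only the
! dynamic entries CBAC creates for inspected sessions let return
! traffic back toward the inside hosts. Logging the denies shows what
! is being dropped instead of leaving it to guesswork.
ip access-list extended INSIDE-OUT
 deny ip any any log
!
! Inside interface: inspect traffic entering from the LAN, filter
! traffic leaving toward the LAN. (Addresses are RFC 5737 documentation
! ranges, used here only as placeholders.)
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip inspect FW-INSIDE in
 ip access-group INSIDE-OUT out
!
! The "outside" side is a loopback, as in the poster's lab.
interface Loopback0
 ip address 198.51.100.1 255.255.255.255
!
! The poster's attempt: local policy routing to push router-originated
! Telnet toward the loopback so that it is subject to an outbound ACL.
! The thread reports this did not have the desired effect.
access-list 101 permit tcp any any eq telnet
route-map LOCAL-TO-LOOP permit 10
 match ip address 101
 set interface Loopback0
!
ip local policy route-map LOCAL-TO-LOOP
```

To see what the box is actually doing rather than inferring it from failed sessions, `show ip inspect sessions` lists the dynamic entries CBAC has created, and `show ip access-lists` shows the hit counts (and the logged denies) on INSIDE-OUT. Two points worth checking in this scenario: an ACL applied outbound on an interface does not filter traffic the router itself generates, which is the behaviour the poster ran into, and CBAC by default does not build sessions for router-generated traffic either; on IOS releases that support it, `ip inspect name FW-INSIDE tcp router-traffic` is the documented way to have router-originated sessions inspected, rather than policy routing them toward a loopback.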



This archive was generated by hypermail 2.1.4 : Thu Mar 01 2007 - 07:38:48 ART