RE: Confused on Reflexive ACL

From: Clay K Auch (clauch) (clauch@cisco.com)
Date: Wed Jul 25 2007 - 15:34:19 ART


I have one recommendation ... I just bought the book "Cisco Router Firewall Security" and I am supplementing it with the online docs. Great stuff ... Has answered a lot of questions for me regarding ACLs. The book is truly a bonus by Deal because once I am done with this RS lab, I plan to move more into a security focus. This book will continue to give once I make that emphasis move.

Clay

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Bob Nelson
Sent: Sunday, July 15, 2007 10:20 PM
To: ccielab@groupstudy.com
Subject: Confused on Reflexive ACL

All:

I searched through the archives and did not find what I was looking for. I looked through the Cisco documentation and found some conflicting information on the same topic. Here are a couple of quick questions:

1. On an exterior interface, is the extended applied in the outbound or inbound direction? My belief was that if applied in the outbound, that would create the entry in the nested ACL and allow return traffic back into the network. Clarify??

2. On an external facing interface, with NAT (outside) configured, will reflexive ACLs even work?

3. Unsure about the evaluate command. Cisco says the default is not to use it, but what does it do as opposed to the regular reflexive ACL?

Thanks and regards,

Bob
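The configuration below is an added illustration of the mechanics Bob is asking about; it is not part of either message and not taken from the book Clay mentions. The interface name, ACL names and timeouts are assumptions chosen for the example. The ACL carrying the `reflect` keywords is applied on the external interface in the direction in which sessions are initiated (outbound), and that is what creates the temporary entries; the ACL applied in the opposite direction (inbound) must contain the matching `evaluate` statements, because `evaluate` is the point at which the temporary entries are actually consulted. Without an `evaluate` line the reflected entries exist but never permit anything.

```cisco
! Global default lifetime for reflected entries, used when a reflect
! statement carries no explicit timeout (assumed value: 300 seconds)
ip reflexive-list timeout 300

! Outbound ACL: applied in the direction sessions are initiated.
! Each "reflect" keyword builds a temporary mirror-image entry in the
! named reflexive list when a matching packet leaves the interface.
ip access-list extended OUTSIDE-OUT
 permit tcp any any reflect TCP-SESSIONS timeout 600
 permit udp any any reflect UDP-SESSIONS timeout 60
 permit icmp any any reflect ICMP-SESSIONS timeout 30
 deny ip any any log

! Inbound ACL: applied in the return direction on the same interface.
! "evaluate" inserts the reflected entries at this position, so return
! traffic for established sessions is permitted here and nothing else
! initiated from outside is (apart from whatever you explicitly permit).
ip access-list extended OUTSIDE-IN
 evaluate TCP-SESSIONS
 evaluate UDP-SESSIONS
 evaluate ICMP-SESSIONS
 deny ip any any log

! External-facing interface (assumed name); NAT is also configured here.
interface Serial0/0
 ip nat outside
 ip access-group OUTSIDE-OUT out
 ip access-group OUTSIDE-IN in
```

Two points worth checking on a lab router after applying this: `show ip access-lists` displays the dynamically created entries under the reflexive list names while a session is active, which is the quickest way to confirm the `reflect` statements are firing, and the `deny ip any any log` lines make it visible in the log when return traffic is being dropped because an `evaluate` is missing or placed after a deny.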



This archive was generated by hypermail 2.1.4 : Sat Aug 18 2007 - 08:17:42 ART