From: David Lonnie (david.lonnie@gmail.com)
Date: Sun Jun 15 2008 - 13:01:04 ART
Hi, experts:
-----(e0)R1(s0)-------------------(s0)R2
R1:
interface e0/0
ip address 10.10.10.1 255.255.255.0
interface s0
ip address 8.8.12.1 255.255.255.0
R2:
interface s0
ip address 8.8.12.2 255.255.255.0
interface lo0
ip address 8.8.2.2 255.255.255.0
The question is this:
1. The PCs in the network 10.10.10.0/24 can telnet to 8.8.2.2; all other traffic
to 8.8.2.2 will be blocked.
2. All traffic originating from 8.8.2.2 will be blocked, but telnet traffic
returning from 8.8.2.2 is allowed.
3. The telnet sessions will time out after 10 minutes.
4. All telnet sessions need to be audited.
It seems that I should use CBAC.
This is my configuration.
R1:
! ACL 110 (applied outbound on s0): only telnet from 10.10.10.0/24 may reach 8.8.2.2
access-list 110 permit tcp 10.10.10.0 0.0.0.255 host 8.8.2.2 eq 23
access-list 110 deny ip 10.10.10.0 0.0.0.255 host 8.8.2.2
access-list 110 permit ip any any
! ACL 120 (applied inbound on s0): block everything sourced from 8.8.2.2;
! CBAC adds temporary entries for the inspected telnet return traffic
! (the protocol keyword "ip" is required in an extended ACL entry)
access-list 120 deny ip host 8.8.2.2 any
access-list 120 permit ip any any
! inspect TCP sessions (only telnet to 8.8.2.2 passes ACL 110) and log session start/stop
ip inspect name Telnet tcp audit-trail on
! the idle timeout is configured in seconds: 10 minutes = 600
ip inspect tcp idle-time 600
interface s0
ip access-group 110 out
ip access-group 120 in
ip inspect Telnet out
But I'm really not sure if this can fulfill all the requirements.
Please correct me if there is something wrong.
Thanks in advance for any input.
David.
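As an added illustration (not part of the original post or of IOS), the model below replays the policy above: first-match evaluation of ACL 110 and ACL 120, plus a constructed CBAC-style session table that opens a return path only for inspected outbound telnet and expires it after the 10-minute idle time. Packets, times and the audit format are constructed for the example.

```python
import ipaddress

# Constructed model of the R1 policy in the post: ACL 110 outbound on s0, ACL 120
# inbound on s0, and a CBAC-style session table. Illustration only, not IOS code.
NET, ADDR = ipaddress.ip_network, ipaddress.ip_address
ANY = NET("0.0.0.0/0")
ACL_110_OUT = [  # (action, proto, source, destination, dest port or None)
    ("permit", "tcp", NET("10.10.10.0/24"), NET("8.8.2.2/32"), 23),
    ("deny", "ip", NET("10.10.10.0/24"), NET("8.8.2.2/32"), None),
    ("permit", "ip", ANY, ANY, None)]
ACL_120_IN = [("deny", "ip", NET("8.8.2.2/32"), ANY, None),
              ("permit", "ip", ANY, ANY, None)]
IDLE_TIMEOUT = 600  # seconds: the requirement says 10 minutes

def acl_lookup(acl, pkt):  # first match wins; implicit deny at the end
    proto, src, sport, dst, dport = pkt
    for action, rproto, rsrc, rdst, rport in acl:
        if rproto in ("ip", proto) and ADDR(src) in rsrc and ADDR(dst) in rdst \
                and rport in (None, dport):
            return action == "permit"
    return False

class Firewall:
    def __init__(self):
        self.sessions = {}  # (src, sport, dst, dport) -> time of last packet
        self.audit = []     # one record per inspected session (audit-trail)

    def outbound(self, pkt, now):
        proto, src, sport, dst, dport = pkt
        if not acl_lookup(ACL_110_OUT, pkt):
            return False
        if proto == "tcp" and dport == 23:  # only telnet is inspected
            key = (src, sport, dst, dport)
            if key not in self.sessions:
                self.audit.append(f"session start {src}:{sport} -> {dst}:{dport}")
            self.sessions[key] = now
        return True

    def inbound(self, pkt, now):
        # Drop idle sessions, then let return traffic of a live inspected
        # session through before consulting the static inbound ACL.
        for key, seen in list(self.sessions.items()):
            if now - seen > IDLE_TIMEOUT:
                del self.sessions[key]
                self.audit.append(f"session stop {key[0]}:{key[1]} -> {key[2]}:{key[3]}")
        proto, src, sport, dst, dport = pkt
        if proto == "tcp" and (dst, dport, src, sport) in self.sessions:
            self.sessions[(dst, dport, src, sport)] = now
            return True
        return acl_lookup(ACL_120_IN, pkt)
```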
This archive was generated by hypermail 2.1.4 : Tue Jul 01 2008 - 06:23:21 ART