Re: Reflexive ACL

From: ahmet seckin (elektronikadam@yahoo.com)
Date: Tue Jun 17 2008 - 18:06:43 ART


Hi Nit,
The traffic that hits the incoming ACL is not the local traffic. It is the traffic that comes from the other party, destined to the local IP address. It makes sense to check every packet that comes from the outer world (we may not want to send everybody to telnet to the device, for example), but it is OK not to apply the filtering policy if WE (the router) are trying to send a packet to the outer world.
Cheers
Ahmet

----- Original Message ----
From: Nitro Drops <nitrodrops@hotmail.com>
To: ccielab@groupstudy.com
Sent: Tuesday, June 17, 2008 12:08:44 PM
Subject: Reflexive ACL

Hi Guys,

Was studying security today. Came across Reflexive ACL. It says 'local traffic is not reflected when it is sourced by the local router'.

I understand that it is not reflected because the local traffic is not hitting the outbound ACL, but why isn't the local traffic hitting the outbound ACL? And yet it is able to hit the inbound ACL?

Any guru can kindly explain a bit more.

Cheers
Nit
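
The behaviour discussed in this thread, as a simplified model added here as an example (it is not part of either post and is not IOS code): transit traffic passes the outbound ACL and gets a reflected entry, router-sourced traffic does not, and every arriving packet is checked by the inbound ACL. The class names, addresses and ports are constructed for illustration.

```python
"""Simplified model of a reflexive ACL on a router's outside interface."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

    def reply(self):
        """The mirrored flow that a reflected entry would permit."""
        return Packet(self.dst, self.dport, self.src, self.sport)

class OutsideInterface:
    def __init__(self, router_ip):
        self.router_ip = router_ip
        self.reflected = set()  # temporary entries created by "reflect"

    def send(self, pkt):
        """Packet leaving through this interface."""
        if pkt.src != self.router_ip:
            # Transit traffic is checked by the outbound ACL; its "reflect"
            # statement records the mirrored flow for the return direction.
            self.reflected.add(pkt.reply())
        # Router-sourced packets are not checked by the outbound ACL,
        # so no reflected entry is created for them.

    def receive(self, pkt):
        """Inbound ACL (evaluate, then implicit deny), also for packets to the router."""
        return "permit" if pkt in self.reflected else "deny"

def demo():
    # All addresses and ports below are constructed sample values.
    outside = OutsideInterface(router_ip="203.0.113.1")
    host_flow = Packet("10.0.0.5", 40000, "198.51.100.7", 80)
    router_flow = Packet("203.0.113.1", 40001, "198.51.100.7", 23)
    unsolicited = Packet("198.51.100.7", 50000, "203.0.113.1", 23)
    outside.send(host_flow)
    outside.send(router_flow)
    return {
        "reply to inside host": outside.receive(host_flow.reply()),
        "reply to router's own telnet": outside.receive(router_flow.reply()),
        "unsolicited telnet to router": outside.receive(unsolicited),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```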


