From: ahmet seckin (elektronikadam@yahoo.com)
Date: Wed Jun 18 2008 - 20:49:03 ART
Hi Nit,
The routers do what we want them to do. It is basically a software
algorithm that makes the router decide what to do with a packet. Doc CD says
locally originated traffic is not checked by the outbound access list (it
could have been the opposite; the IOS designers wanted this operation and
compiled it to work this way), and this information is enough for us to
configure the reflexive access lists properly. We don't need to know the whole
IOS software and the detailed operation of the router to do this.
However, if you are interested, you may find the following book useful:
"Inside Cisco IOS Architectures, Cisco Press."
Kind Regards
Ahmet
----- Original Message ----
From: Nitro Drops <nitrodrops@hotmail.com>
To: ahmet seckin <elektronikadam@yahoo.com>; ccielab@groupstudy.com
Sent: Wednesday, June 18, 2008 3:29:55 AM
Subject: RE: Reflexive ACL
Thanks mate.
But how come the local traffic is not hitting outbound ACL?
> Date: Tue, 17 Jun 2008 14:06:43 -0700
> From: elektronikadam@yahoo.com
> Subject: Re: Reflexive ACL
> To: nitrodrops@hotmail.com; ccielab@groupstudy.com
>
> Hi Nit,
> The traffic that hits the incoming ACL is not the local traffic. It is the
> traffic that comes from the other party, destined to the local IP address. It
> makes sense to check every packet that comes from the outer world (we may not
> want to send everybody to telnet to the device, for example), but it is OK not
> to apply the filtering policy if WE (router) are trying to send a packet to
> the outer world.
> Cheers
> Ahmet
>
> ----- Original Message ----
> From: Nitro Drops <nitrodrops@hotmail.com>
> To: ccielab@groupstudy.com
> Sent: Tuesday, June 17, 2008 12:08:44 PM
> Subject: Reflexive ACL
>
> Hi Guys,
>
> Was studying security today. Came across Reflexive ACL. It says 'local
> traffic is not reflected when it is sourced by the local router'.
>
> I understand that it is not reflected because the local traffic is not
> hitting the outbound ACL, but why isn't the local traffic hitting the
> outbound ACL? And yet it is able to hit inbound ACL?
>
> Any guru can kindly explain a bit more.
>
>
> Cheers
> Nit
This archive was generated by hypermail 2.1.4 : Tue Jul 01 2008 - 06:23:22 ART
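
The behaviour discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of one interface with a reflecting outbound ACL and an evaluating inbound ACL. The class names, function names and addresses are constructed for illustration, and entry timeouts are not modelled.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

    def mirrored(self):
        """Return-direction tuple: addresses and ports swapped."""
        return Packet(self.proto, self.dst, self.dport, self.src, self.sport)


class ReflexiveInterface:
    """Model: outbound ACL reflects everything it permits; inbound ACL
    evaluates the reflected entries and then denies everything else."""

    def __init__(self):
        self.reflected = set()  # temporary entries created by the outbound ACL

    def send(self, pkt, locally_originated):
        # Per the thread: router-generated packets are not checked by the
        # outbound ACL, so no reflected entry is created for them.
        if not locally_originated:
            self.reflected.add(pkt.mirrored())
        return True  # the packet leaves the interface either way

    def receive(self, pkt):
        # The inbound ACL sees every arriving packet, including packets
        # addressed to the router itself.
        return pkt in self.reflected


def demo():
    wan = ReflexiveInterface()
    # Constructed sample flows: one from an inside host, one from the router.
    transit = Packet("tcp", "10.1.1.10", 40001, "198.51.100.7", 23)
    local = Packet("tcp", "192.0.2.1", 40002, "198.51.100.7", 23)
    unsolicited = Packet("tcp", "198.51.100.9", 5555, "10.1.1.10", 23)
    wan.send(transit, locally_originated=False)
    wan.send(local, locally_originated=True)
    return {
        "transit_reply": wan.receive(transit.mirrored()),
        "local_reply": wan.receive(local.mirrored()),
        "unsolicited": wan.receive(unsolicited),
    }
```

In this model the reply to the router's own session is dropped for the same reason an unsolicited packet is: nothing was reflected for it on the way out.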