From: Muhammad Nasim (muhammad.nasim@gmail.com)
Date: Sat Jun 28 2008 - 06:01:05 ART
Recommendation is to use specific ACLs for ESP, UDP, Routing Protocols.
In case of ICMP, any any is fine.
HTH
2008/6/28 ciscosec sec <cciesecurityccie@gmail.com>:
> Hello Group,
>
> I just had a doubt. In the labs, is it OK to configure the access-list
> on Firewalls with any any?
>
> For e.g. if I were to configure IPSEC between 2 devices with the
> Firewall in between,
> can I configure the ASA as follows:
> access-list outside permit esp any any
> access-list outside permit udp any any eq isakmp
>
> or do we need to specify the exact hosts in the access list?
>
> Regards,
> raul
-- Muhammad Nasim Network Engineer Saudi Arabia
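
An added example, not part of the original thread: a small Python check that reads ASA `access-list` lines and reports `permit ... any any` entries for the protocols the reply says to scope to specific hosts, while leaving ICMP alone. The peer addresses, the reading of "routing protocols" as OSPF and EIGRP, and all function names are assumptions made for illustration.

```python
# Assumption: "routing protocols" in the reply is taken to mean ospf and eigrp.
STRICT_PROTOCOLS = {"esp", "udp", "ospf", "eigrp"}
WILDCARDS = {"any", "any4", "any6"}
PORT_OPERATORS = {"eq": 2, "neq": 2, "lt": 2, "gt": 2, "range": 3}

# Constructed sample: the first two entries are the ones from the question,
# the last two use documentation addresses as hypothetical IPsec peers.
SAMPLE = """\
access-list outside permit esp any any
access-list outside permit udp any any eq isakmp
access-list outside permit icmp any any
access-list outside extended permit esp host 192.0.2.10 host 198.51.100.20
access-list outside extended permit udp host 192.0.2.10 host 198.51.100.20 eq isakmp
"""

def take_endpoint(tokens):
    """Consume 'any', 'host A.B.C.D', 'object-group NAME' or 'address mask'."""
    if tokens and tokens[0] in WILDCARDS:
        return tokens[0], tokens[1:]
    if len(tokens) < 2:
        raise ValueError("incomplete address")
    return " ".join(tokens[:2]), tokens[2:]

def audit_acl(config_text):
    """Return (line number, protocol, line) for each any/any permit to tighten."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        tokens = line.split()
        if len(tokens) < 3 or tokens[0] != "access-list":
            continue
        rest = tokens[2:]
        if rest[0] == "extended":
            rest = rest[1:]
        if len(rest) < 2 or rest[0] != "permit":
            continue  # remarks and deny entries are not judged
        proto = rest[1]
        try:
            src, rest = take_endpoint(rest[2:])
            if rest and rest[0] in PORT_OPERATORS:  # optional source port
                rest = rest[PORT_OPERATORS[rest[0]]:]
            dst, rest = take_endpoint(rest)
        except ValueError:
            continue  # malformed entry, nothing to judge
        if proto in STRICT_PROTOCOLS and src in WILDCARDS and dst in WILDCARDS:
            findings.append((lineno, proto, line.strip()))
    return findings

if __name__ == "__main__":
    for lineno, proto, text in audit_acl(SAMPLE):
        print(f"line {lineno}: scope this {proto} entry to the peers: {text}")
```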