RE: CBAC query

From: Reza Toghraee (reza@toghraee.com)
Date: Sun Nov 23 2008 - 14:23:51 ARST


Gaurav,

Hope this from my notes helps you to make CBAC click in your mind.

Reflexive ACLs and CBAC can both be used to turn the router into a stateful
firewall. A stateful firewall means that when traffic leaves the network, it
is noted in a STATE-TABLE. When traffic tries to come back into the network it
is only allowed in if there is a previously created entry in the state
table.

For both of these methods, the ROUTER LOCAL TRAFFIC cannot be matched. You
need to do a PBR to a Loopback interface.

What CBAC can do: Traffic Inspection, SYN flood block, Alerts, Audit,
Intrusion Prevention FOR PROTOCOLS WHICH IT KNOWS.
CBAC creates temporary entries in ACLs (in the opposite direction of the
packet) automatically and hidden.

Q: Configure R5 to only allow traffic in on the Ethernet connection if it has
been originated from inside; use CBAC to do this. For connectivity testing
purposes ensure that R5 can ping BB2.

R5

ip inspect name CBAC tcp
ip inspect name CBAC udp
ip inspect name CBAC icmp
!
ip access-list extended INBOUND
 permit icmp any host 192.10.1.5 echo-reply
 permit tcp any any eq bgp
 permit tcp any eq bgp any
!
interface ethernet 0/0
 ip address 192.10.1.5 255.255.255.0
 ip access-group INBOUND in
 ip inspect CBAC out
!

notes: the inbound ACL is designed to match the router-originated traffic.
       CBAC applied outbound affects inbound traffic; it automatically
       creates entries in the INBOUND ACL.

Regards
Reza Toghraee
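
A reflexive ACL version of the same R5 task, followed by the commands used to verify either method, as an added example that is not part of Reza's post. It assumes the same addressing and interface as above (192.10.1.5/24 on ethernet 0/0, with the BGP session and the pings to BB2 going through that interface); the ACL names OUTBOUND and MIRROR are arbitrary.

```cisco
! Added example (not from the post above): the R5 task solved with a
! reflexive ACL instead of CBAC. Assumes 192.10.1.5/24 on ethernet 0/0
! as in the CBAC version; OUTBOUND and MIRROR are arbitrary names.
!
! --- Reflexive ACL version ---
! Temporary entries are created by the "reflect" lines as traffic leaves,
! and are consulted where "evaluate" sits in the inbound ACL. Unlike
! CBAC's hidden entries they are visible in "show ip access-lists".
ip reflexive-list timeout 120
!
ip access-list extended OUTBOUND
 permit tcp any any reflect MIRROR
 permit udp any any reflect MIRROR
 permit icmp any any reflect MIRROR
 permit ip any any
!
ip access-list extended INBOUND
 ! Router-originated traffic is not reflected either, so the static
 ! lines for R5's own pings to BB2 and its BGP session stay.
 permit icmp any host 192.10.1.5 echo-reply
 permit tcp any any eq bgp
 permit tcp any eq bgp any
 evaluate MIRROR
!
interface ethernet 0/0
 ip address 192.10.1.5 255.255.255.0
 ip access-group OUTBOUND out
 ip access-group INBOUND in
!
! --- Verifying ---
! With the CBAC configuration from the post: open a session from an
! inside host out through R5 (e.g. telnet to a host beyond BB2), then:
show ip inspect config
show ip inspect sessions
show ip access-lists INBOUND
debug ip inspect tcp
!
! With the reflexive ACL version, the temporary entries appear in the
! reflexive list itself while the session is open:
show ip access-lists MIRROR
```

The two differ in where the state lives: CBAC keeps it in its own session table and only needs the inbound ACL to deny the return traffic by default (an extended ACL, as in the post), while reflexive ACLs need both an outbound ACL carrying the "reflect" lines and an "evaluate" line in the inbound ACL. CBAC also understands the application layer of protocols it knows (it can track FTP's data channel, for example), whereas a reflexive ACL only mirrors the single 5-tuple it saw leave.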

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
GAURAV MADAN
Sent: Sunday, November 23, 2008 6:46 PM
To: ccie forum
Subject: CBAC query

Hi Group

I am really confused; trying to figure out how CBAC functions and how it is
different from reflexive ACLs.
Here is what I am trying

ip inspect name TEST tcp
ip inspect name TEST udp
ip inspect name TEST icmp

                 R1---f0/1---------------------------R4
                 |f0/0
                 |
          ====================
            |            |
            R2           R3

If I apply "ip inspect TEST in" on f0/0 of R1, what purpose does it serve?
Does it inspect tcp, udp and icmp traffic coming in f0/0, and is this the only
traffic allowed to come to the inside network via f0/1?
I mean if I want TCP, UDP and ICMP traffic initiated from the inside network to
access the outside network, what will be the CBAC way of doing this and how to
test this?

Is there a good writeup on the same? The DOC CD is not very helpful in this.

Gaurav Madan

Blogs and organic groups at http://www.ccie.net



This archive was generated by hypermail 2.1.4 : Mon Dec 01 2008 - 08:18:31 ARST