Re: CBAC : never work for me :(

From: GAURAV MADAN (gauravmadan1177@gmail.com)
Date: Thu Jan 29 2009 - 14:21:56 ARST

• Next message: Jared Scrivener: "RE: CBAC : never work for me :("
• Previous message: Jared Scrivener: "RE: CBAC : never work for me :("
• Maybe in reply to: GAURAV MADAN: "CBAC : never work for me :("
• Next in thread: Jared Scrivener: "RE: CBAC : never work for me :("
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thnx for reply ..
but still didnt made any sense to me

what u tried to said is :

If i would have configured this in "IN" direction ; this would have worked .

please tell me "ip inspect CBAC in " and " ip inspect CBAC out "
how would this bee read by router ?

Gaurav Madan

On Thu, Jan 29, 2009 at 9:47 PM, Anthony Sequeira <
asequeira@internetworkexpert.com> wrote:

> You have correctly configured the inspection of your UDP sessions from the
> inside network (behind R5), to the outside network (behind the backbone).
>
> What you have failed to configure is an access-list inbound on R5 Fa0/0
> that blocks all traffic.
>
> Please note, you could have also configured your inspection inbound on the
> inside interface of R5.
>
>
> Warmest regards,Anthony J. Sequeira, CCIE #15626, CCSI #23251Senior CCIE
> Instructorasequeira@internetworkexpert.comInternetwork Expert,
> Inc.http://www.InternetworkExpert.comToll>Free: 877-224-8987Outside US:
> 775-826-4344
>
>
> ----- Original Message -----
> From: "GAURAV MADAN" <gauravmadan1177@gmail.com>
> Sent: Thu, January 29, 2009 9:05
> Subject:CBAC : never work for me :(
>
> Hi Friends
>
> CBAC is one gray area that i dont undertsnd at all.. please help me in
> poiintg whre am i wrong
>
>
> R5 192.10.1.5 f0/0.52============= 192.10.1.254BB
>
> I want traffic from outside to come in my network if and only if initiated
> from inside my network.
>
> first i configured :
>
> ip inspect name CBAC udp
>
> int f0/0.52
> ip inspect CBAC out
>
> i expect that all my tcp sessions to BB (like BGP ) will fail .. also i
> expect ping to BB will fail etc etc (because i have permitted only udp)..
> rest policies i will appply later . But here only my understainding is
> failing . I am able to pin BB , tcp sessions are UP
>
> Also please clearify about the direction of this
>
> Thnx in advace
> Gaurav Madan
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
> ----- End of original message -----

Blogs and organic groups at http://www.ccie.net

• Next message: Jared Scrivener: "RE: CBAC : never work for me :("
• Previous message: Jared Scrivener: "RE: CBAC : never work for me :("
• Maybe in reply to: GAURAV MADAN: "CBAC : never work for me :("
• Next in thread: Jared Scrivener: "RE: CBAC : never work for me :("
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:40 ARST