From: Edouard Zorrilla (ezorrilla@tsf.com.pe)
Date: Fri Feb 13 2009 - 10:14:37 ARST
Hi there,
I found out that with CBAC and the "router-traffic" option (for instance: ip
inspect name CCIE-CBAC tcp router-traffic) this can be solved.
Then the issue is just with RACL,
Regards
----- Original Message -----
From: "Edouard Zorrilla" <ezorrilla@tsf.com.pe>
To: <security@groupstudy.com>
Cc: <ccielab@groupstudy.com>
Sent: Friday, February 13, 2009 6:44 AM
Subject: Reflexive ACL and CBAC : Traffic locally generated (BGP)
> Hi,
>
> We know that locally generated traffic is not affected by outbound
> access-lists. This means that the local BGP traffic going out will not be
> subject to the reflection of the ACL, hence when evaluation occurs inbound
> the return BGP session will be denied.
>
> In the LAB:
>
> If I am asked to run into RACL or CBAC,
>
> 1.-
> Should I use local policy routing, as this forces the traffic to be
> treated as transit traffic and so it is reflected by outbound access-list?
>
> or
>
> 2.-
> Should I fix this by statically permitting the session back inbound with a
> specific ACL?
>
>
> Any advice would be appreciated !
>
> Thanks,
>
>
> Blogs and organic groups at http://www.ccie.net
>
This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:44:11 ARST
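The two fixes discussed in this thread, sketched as an added IOS configuration example that is not part of the original messages. The addresses (local router 192.0.2.1, BGP peer 192.0.2.2), the interface Serial0/0 and the ACL names OUTBOUND, INBOUND, INBOUND-CBAC and MIRROR are assumptions; only the `ip inspect name CCIE-CBAC tcp router-traffic` line comes from the thread. The variants are alternatives for the same interface, not meant to be applied together.

```ios
! --- Variant A: reflexive ACL, BGP return traffic permitted statically ---
! Router-originated BGP packets bypass OUTBOUND, so no MIRROR entry is
! ever created for them; the peer's packets need explicit inbound permits.
ip access-list extended OUTBOUND
 permit tcp any any reflect MIRROR
 permit udp any any reflect MIRROR
 permit icmp any any reflect MIRROR
!
ip access-list extended INBOUND
 remark session opened by this router: peer answers from TCP/179
 permit tcp host 192.0.2.2 eq bgp host 192.0.2.1
 remark session opened by the peer towards our TCP/179
 permit tcp host 192.0.2.2 host 192.0.2.1 eq bgp
 remark everything else must match a reflected transit session
 evaluate MIRROR
!
interface Serial0/0
 ip access-group OUTBOUND out
 ip access-group INBOUND in
!
! --- Variant B: CBAC inspecting router-generated TCP ---
! With router-traffic, sessions opened by the router itself are inspected,
! so the return half of an outgoing BGP session is admitted dynamically.
ip inspect name CCIE-CBAC tcp router-traffic
!
ip access-list extended INBOUND-CBAC
 remark still needed if the peer may open the session to our TCP/179
 permit tcp host 192.0.2.2 host 192.0.2.1 eq bgp
 deny ip any any
!
interface Serial0/0
 ip inspect CCIE-CBAC out
 ip access-group INBOUND-CBAC in
```

Keeping the static permits limited to the single peer address on TCP/179 avoids opening the inbound filter any wider than the BGP session requires.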