Clarification regarding CBAC

From: אשד אלוני <eshedalonie_at_gmail.com>
Date: Wed, 29 Apr 2009 09:53:09 +0200

I saw in the IOS configuration how to configure CBAC:

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a0080094e8b.shtml

The Context-Based Access Control (CBAC)
<http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_cfg_content_ac_ps6441_TSD_Products_Configuration_Guide_Chapter.html>
feature of the Cisco IOS Firewall Feature Set actively inspects the
activity behind a firewall. CBAC specifies what traffic needs to be let in
and what traffic needs to be let out by using access lists (in the same way
that Cisco IOS uses access lists). However, CBAC access lists include ip
inspect statements that allow the inspection of the protocol to make sure
that it is not tampered with before the protocol goes to the systems behind
the firewall.

ip inspect name mysite ftp
ip inspect name mysite smtp
ip inspect name mysite tcp

1. Does it act like a reflexive access list?
2. If so, why not use a reflexive access list instead of CBAC?

Received on Wed Apr 29 2009 - 09:53:09 ART
