Official Lammle User Forum
09-10-2009, 10:29 AM, #1 - Registered User (Join Date: Jul 2008)
SNRS Quick Reference Guide problem
Reading through the Cisco Press SNRS Quick Reference -- current one -- I have a problem with page 20. They're talking about how to configure CBAC with an ACL to block inbound traffic while applying "inspect" rules to the inside interface. They're obviously demonstrating the rule that says "put your rulesets closest to the source of the traffic." But it seems wrong.
They create an ACL that says:
access-list 100 deny ip any any
Then they create this inspect set:
ip inspect name MYFW tcp
ip inspect name MYFW udp
ip inspect name MYFW icmp
It breaks down here. They apply the ACL to the untrusted interface this way:
ip access-group 100 out
And the inspect ruleset to the trusted LAN interface:
ip inspect MYFW out
Shouldn't both of these rules end with "in"? That would put them closest to the traffic they're designed to filter. Interestingly, SDM seems to like to put the inspect ruleset on the outside interface inspecting outbound.
I guess I know my way is correct. I'm more wondering if there's any sense whatsoever in doing it according to the book, or is this just another huge typo?
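A toy model of the three placements discussed in this thread (the book's, the poster's and the SDM-style one), added here as an illustration; it is not code from the post or from Cisco. It assumes a much-simplified IOS packet path: at each interface/direction hop the router first checks the CBAC session table, then the ACL, then runs inspection, which records the session so return traffic is allowed back through the deny-all ACL. The interface names, addresses (RFC 5737 documentation space) and ports are constructed for the example.

```python
"""Simplified model of CBAC inspection direction versus a deny-all ACL.

Assumption (not real IOS internals): at every (interface, direction) hop the
order is session-table lookup -> ACL -> inspection.  Inspection records the
5-tuple so that packets in either direction of that session bypass the ACL.
"""
from dataclasses import dataclass, field

INSPECTED = {"tcp", "udp", "icmp"}  # ip inspect name MYFW tcp / udp / icmp


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class Router:
    # acl[(iface, direction)] == "deny" models "access-list 100 deny ip any any"
    acl: dict = field(default_factory=dict)
    # inspect[(iface, direction)] is the set of protocols inspected there
    inspect: dict = field(default_factory=dict)
    sessions: set = field(default_factory=set)

    def _hop(self, pkt, iface, direction):
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.sessions or reverse in self.sessions:
            return True  # part of an inspected session: dynamic entry permits it
        if self.acl.get((iface, direction)) == "deny":
            return False  # static deny-all ACL drops it
        if pkt.proto in self.inspect.get((iface, direction), set()):
            self.sessions.add(key)  # CBAC opens a pinhole for the return flow
        return True

    def forward(self, pkt, ingress, egress):
        """True if the packet survives the ingress 'in' and egress 'out' hops."""
        return self._hop(pkt, ingress, "in") and self._hop(pkt, egress, "out")


def book_config():
    """ACL 100 'out' on the untrusted side, inspect 'out' on the trusted side."""
    return Router(acl={("outside", "out"): "deny"},
                  inspect={("inside", "out"): INSPECTED})


def poster_config():
    """ACL 100 'in' on the untrusted side, inspect 'in' on the trusted side."""
    return Router(acl={("outside", "in"): "deny"},
                  inspect={("inside", "in"): INSPECTED})


def sdm_config():
    """ACL 100 'in' and inspect 'out', both on the untrusted side."""
    return Router(acl={("outside", "in"): "deny"},
                  inspect={("outside", "out"): INSPECTED})


def tcp_session_works(router):
    """(outbound SYN forwarded?, SYN/ACK reply forwarded?) for a LAN-originated session."""
    syn = Packet("tcp", "10.0.0.5", 40000, "203.0.113.10", 80)
    synack = Packet("tcp", "203.0.113.10", 80, "10.0.0.5", 40000)
    out_ok = router.forward(syn, "inside", "outside")
    back_ok = out_ok and router.forward(synack, "outside", "inside")
    return out_ok, back_ok


def unsolicited_blocked(router):
    """True if a connection attempt from the untrusted side is dropped."""
    probe = Packet("tcp", "198.51.100.7", 51000, "10.0.0.5", 22)
    return not router.forward(probe, "outside", "inside")


if __name__ == "__main__":
    for name, cfg in [("book", book_config), ("poster", poster_config), ("sdm", sdm_config)]:
        r = cfg()
        print(name, "session:", tcp_session_works(r), "unsolicited blocked:", unsolicited_blocked(r))
```

Under these assumptions the book's placement never lets the first outbound packet reach the inspect rule (it hits the deny-all ACL on the way out of the untrusted interface), so the LAN gets no sessions at all; the "in"/"in" placement and the SDM-style placement both track the outbound session and admit only its return traffic.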