Official Lammle User Forum
SNRS Quick Reference Guide problem
Reading through the Cisco Press SNRS Quick Reference -- current one -- I have a problem with page 20. They're talking about how to configure CBAC with an ACL to block inbound traffic while applying "inspect" rules to the inside interface. They're obviously demonstrating the rule that says "put your rulesets closest to the source of the traffic." But it seems wrong.
They create an ACL that says:
access-list 100 deny ip any any
Then they create this inspect set:
ip inspect name MYFW tcp
ip inspect name MYFW udp
ip inspect name MYFW icmp
It breaks down here. They apply the ACL to the untrusted interface this way:
ip access-group 100 out
And the inspect ruleset to the trusted LAN interface:
ip inspect MYFW out
Shouldn't both of these rules end with "in"? That would put them closest to the traffic they're designed to filter. Interestingly, SDM seems to like to put the inspect ruleset on the outside interface inspecting outbound.
I guess I know my way is correct. I'm more wondering if there's any sense whatsoever in doing it according to the book or is this just another huge typo?
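For reference, an added IOS configuration (not from the SNRS Quick Reference or the post above) showing the placement in which CBAC's dynamic openings actually line up with the blocking ACL: inspection is applied in the direction the initiating LAN traffic crosses an interface, and the ACL is applied where unsolicited traffic enters from the untrusted side. The interface names and addresses are assumed for illustration and are not on the page; the inspect rule set and ACL number are the ones quoted in the post.

```cisco
! Added example, not from the SNRS Quick Reference or the forum post.
! Assumed topology (not on the page): FastEthernet0/0 faces the trusted LAN,
! FastEthernet0/1 faces the untrusted network. Addresses are constructed.
!
! Inspection rule set, as quoted in the post
ip inspect name MYFW tcp
ip inspect name MYFW udp
ip inspect name MYFW icmp
!
! Block all unsolicited traffic arriving from the untrusted side.
! CBAC inserts temporary permit entries ahead of this ACL for the
! return traffic of sessions it has inspected.
access-list 100 deny ip any any log
!
interface FastEthernet0/0
 description trusted LAN (assumed)
 ip address 192.168.1.1 255.255.255.0
 ! Inspect sessions as they enter the router from the LAN,
 ! i.e. in the initiating direction
 ip inspect MYFW in
!
interface FastEthernet0/1
 description untrusted (assumed)
 ip address 203.0.113.2 255.255.255.252
 ! Filter in the direction the unsolicited traffic arrives
 ip access-group 100 in
!
! Equivalent alternative (the placement SDM generates): apply inspection
! outbound on the untrusted interface instead of inbound on the LAN
! interface, and keep the ACL inbound on the untrusted interface.
!  interface FastEthernet0/1
!   ip inspect MYFW out
!   ip access-group 100 in
```

Either inspection placement works because both see the LAN-originated session before it leaves the router; what matters is that the ACL sits on the untrusted interface in the inbound direction, since that is where CBAC's dynamic entries are created for the return traffic. To check that sessions are being tracked and the openings are being created, use `show ip inspect sessions` and `show ip inspect interfaces` after generating some traffic from the LAN.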