Hello people from the list.

I have a question regarding CBAC and the direction
that it should be applied on a "firewall" router.

I have a Router (Router 1) that is the boundary
between an internal router (Router 6) which is
attached to F0/0 of Router 1 and the rest of the
network which Router 1 connects through F0/1 and S0/0.

The question is asking to deny all traffic but ICMP
coming from R6 to the rest of the network. This is
done on R1. 

Then, they are asking to block all Java Applets except
those originated by R6. This is also done on R1.

Now, according to their answer this is achieved by
setting up an INBOUND ACL on F0/0 (R1) allowing only
ICMP from R6 (the internal router).

The part that I do not understand is that they are
configuring an inspection rule OUTBOUND on F0/0 (the
internal interface). 

The way I see it, the Inspection Rule should be
applied Inbound on F0/0 of R1. Am I wrong?

This is the way it looks on their Answer Key:

*********************************
ip access-list extended Security
permit icmp any any

interface fastethernet 0/0
ip access-group Security in

! R6's IP
access-list 1 permit host 172.16.106.1

ip inspect name Block-Java http java-list 1

interface fastethernet 0/0
ip inspect Block-Java out
****************************

Any feedback would be appreciated.

THX




       