Hey Steve, Yes, only ospf. It's a lab from one of the Video on demands, i believe Day security lab, can't remember what task. I don't have the sim running right now but the outbound acl permits www, 443 and ssh i think.
I just found it curious that you only need it one way. I guess once the tcp session is setup all is exchanged forward within that one session from there on. Alef On Jul 12, 2011, at 11:42 PM, Di Bias, Steve wrote: > That will work, but is OSPF they only thing you want to let in? What does the > outbound ACL (102) look like? What lab are you working on? > > Thank you, > > Steve Di Bias > Network Engineer - Information Systems > Valley Health System - Las Vegas > Office - 702- 369-7594 > Cell - 702-241-1801 > [email protected] > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Alef > Sent: Tuesday, July 12, 2011 2:59 PM > To: [email protected] IE > Subject: [OSL | CCIE_RS] allowing ospf in acl > > When you have say r1 and r2 > and you want to only allow ospf in > > would applying this on R1 fa0/0 (assuming this is the connecting interface to > R2) inbound be sufficient? > Extended IP access list 101 > 10 permit ospf any any (4826 matches) > > it seems it is. Do we not need to allow ospf going out as well? In my lab R1 > has acl 102 outbound defined and there is nothing there about ospf. > > Regards, > Alef > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > > UHS Confidentiality Notice: This e-mail message, including any attachments, > is for the sole use of the intended recipient (s) and may contain > confidential and privileged information. Any unauthorized review, use, > disclosure or distribution of this information is prohibited. If this was > sent to you in error, please notify the sender by reply e-mail and destroy > all copies of the original message. _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
