Hello, Does anyone know how to tell the router to allow all AS's except for Private AS's for Ingress traffic? I know that .* tells it to allow all paths, but how do I exclude 65xxx (Private AS's)? I know about the keyword "remove-private-as", but this is for Egress (outbound) traffic. As far as I know it's for when your using confederations and such. Is this something I need to be concerned with? I'm not sure if this is something I should be spending my time on or not. Is it necessary to block inbound Private AS's? Please excuse my ignorance, I'm still learning! Thank You, Andre _________________________________ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]