If CBAC is available, use it along with access-list
ip inspect name tcp
ip inspect name ucp
It will give you a stateful firewall.
-Michael
"Joe Morabito" wrote in message ...
>How can you apply an access list to a serial interface to block all
internet
>traffic without disabling the inside people from getting out?
>
>I have a 1720 with the serial deny ip any any and the ethernet uses an
>inside
>addressing scheme with nat to get to the outside.
>
>But when I apply the deny ip any any and access-group xxx in to the serial
>interface, people can no longer get outside. Any ideas?
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=14043&t=13928
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
