Its all about what you want CBAC to do for you. CXBAC is there to prevent access from outside to your network, so from inside to outside so keep as loose a possible, hence standard access lists.
For inbound access, then if you want CBAC to look at it, the inspection must be more granular. For the purposes of CBAC you trust whats going out so access can be a vague as you want, but inbound you do not trust at all, BUT it just might be valid, but you wnat to inspect and know as much about the inbound tarffic as possible before you make a decision on letting it in. Hunt Lee wrote: > > I have read the MCNS (Cisco Press) book several times, > expecially on Chapter > 8, however, I'm still very confused about the following > question: > > The book states that when configuring CBAC on an external > interface, > > 1) The Outbound Access-List can be standard or extended > 2) The Inbound Access-List MUST be extended > > And when configuring CBAC on an external interface, > > 1) The Inbound Access-List at the internal interface or > Outbound > Access-List can be either standard or extended > 2) The Outbound Access-List at internal interface or Inbound > Access-List > at external interface MUST be extended. > > It also states that for CBAC to create a temporary opening in an > access-list, the access-list Must be extended? > > > Any help is greatly appreciated. > > Best Regards, > Hunt Lee > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27973&t=27751 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
