Hi All,

Is there any type of vulnerability in this access list?

access-list permit udp any any eq rip
access-list permit ospf any any
access-list permit eigrp any any

This access list is applied to the WAN interface in the inbound direction. Or should it be according to the multicast addresses the specific routing protocol uses, except RIPv1? Another thing: for RIPv1 & 2 we can specify the source port instead of any. Can anybody suggest to me what the implications could be with the above access list?

Thanks in advance.

Regards,
Munit
First of all, having destination as any in the NAT rule which will automatically be created by RSDM, can we specify (in terms RSDM can) multicast addresses for the specific routing protocol, except RIPv1, instead of allowing access to any address? And moreover, do we need to specify the source port for RIP instead of any port? This will work with the access-list you have mentioned, but from a security point of view is it safe, and for proper routing updates?

What I think is, OSPF, EIGRP, RIP: all these form the neighbor relationship only with the routers which are running the same corresponding routing protocol. So the routing updates will be sent only to those routers which have formed the adjacencies. In this case when SDM defines the default access list, even though it's been given any any, the routing updates can be taken only by the routers which have formed the adjacencies.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59442&t=59442
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
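The thread asks whether the "any any" routing-protocol permits can be narrowed to the addresses each protocol really uses. As an added illustration, not part of the thread or of any SDM-generated configuration, here is an inbound WAN access list written that way. The interface name, the local address 203.0.113.2 and the peer address 203.0.113.1 are assumed placeholders; the protocol keywords, port keyword and group addresses are standard IOS and IANA values.

```cisco
! Added example, not from the thread: an inbound WAN ACL that permits routing
! traffic only from the known upstream neighbor and only to the destinations
! each protocol actually uses (group address or our own interface address).
! Assumed placeholders: WAN interface Serial0/0 = 203.0.113.2/30, peer = 203.0.113.1.
ip access-list extended WAN-IN
 remark --- OSPF: Hellos to AllSPFRouters (224.0.0.5), DR/BDR traffic to
 remark --- AllDRouters (224.0.0.6), and the unicast DBD/LSR/LSU exchange
 remark --- that runs between neighbors once a Hello has been seen
 permit ospf host 203.0.113.1 host 224.0.0.5
 permit ospf host 203.0.113.1 host 224.0.0.6
 permit ospf host 203.0.113.1 host 203.0.113.2
 remark --- EIGRP: multicast Hellos/Updates to 224.0.0.10, unicast Replies/Acks
 permit eigrp host 203.0.113.1 host 224.0.0.10
 permit eigrp host 203.0.113.1 host 203.0.113.2
 remark --- RIPv2: UDP 520 -> 520 to the RIPv2 group, plus unicast when the
 remark --- peer is configured with a "neighbor" statement
 permit udp host 203.0.113.1 eq rip host 224.0.0.9 eq rip
 permit udp host 203.0.113.1 eq rip host 203.0.113.2 eq rip
 remark --- RIPv1 has no group address; it uses the limited broadcast
 permit udp host 203.0.113.1 eq rip host 255.255.255.255 eq rip
 remark --- the rest of the site's inbound policy would follow here
 deny ip any any log
!
interface Serial0/0
 ip address 203.0.113.2 255.255.255.252
 ip access-group WAN-IN in
```

Two things a practitioner checks before deploying something like this. First, keep only the lines for the protocol actually running on that link; the multicast-only version that the thread considers is not enough on its own, because OSPF database exchange and EIGRP replies are unicast to the router's interface address, so dropping those lines leaves the adjacency stuck. Second, a source-address match on a WAN interface is a coarse filter, since the peer address is not hard to forge; the control that actually protects routing updates is the protocol's own authentication (OSPF message-digest keys, EIGRP MD5 key chains, RIPv2 MD5 authentication), with the ACL serving as a second layer and as a source of log lines for anything unexpected hitting the routing ports.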