Re: Access Lists On Routers [7:15830]
The more paranoid amongst us would apply a list inbound on the serial permitting only traffic to desired servers, and maybe established connections. Then on the ethernet interface, set up an inbound list that blocks connections that were originated by the servers, since a server shouldn't originate a connection. This last step would make the current IIS worm die pretty quickly.

Brian

----- Original Message -----
From: "Tony van Ree"
To:
Sent: Monday, August 13, 2001 12:11 AM
Subject: Re: Access Lists On Routers [7:15830]

> Hi,
>
> This depends on what you are trying to achieve but under most
> circumstances one would tend to block the traffic at the entry point.
> For example, if it was traffic from the WAN then block it coming in on
> the WAN interface. If however you wanted to see the traffic in the
> router for some reason then you might apply the same access-list on the
> ethernet going out.
>
> So it really depends on what the needs of your access-lists are.
> Usually on a 1 WAN port to 1 Ethernet port incoming from the WAN do it
> as INCOMING on the WAN port.
>
> Just some long winded thoughts from an older guy.
>
> Teunis,
> Hobart, Tasmania
> Australia
>
> On Monday, August 13, 2001 at 02:25:48 AM, yusuf ujjainwala wrote:
>
> > I am a network engineer and have been assigned a task of implementing
> > access lists on our routers. I have decided on implementing extended
> > access lists permitting specific ports and restricting the other
> > unwanted ports, but I am not sure as to where I should apply the
> > access lists, on the ethernet or serial interfaces, and whether
> > inbound or outbound access lists should be applied.
> > Can somebody help me?
> --
> www.tasmail.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=15882&t=15830
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
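Added example, not part of the original posts: one way the two lists Brian describes could look on a router with one serial and one ethernet interface. The interface names, the ACL numbers 101 and 102, and the 192.0.2.0/24 LAN with a web server at 192.0.2.10 are assumptions chosen for illustration.

```cisco
! Constructed addressing: 192.0.2.0/24 is the LAN on Ethernet0,
! 192.0.2.10 is the web server, Serial0 is the WAN link.

! List 101, inbound on the serial: only traffic to the desired server,
! plus return traffic for TCP connections opened from the inside.
access-list 101 permit tcp any host 192.0.2.10 eq www
access-list 101 permit tcp any 192.0.2.0 0.0.0.255 established
! Explicit final deny (the implicit one does the same) so drops are logged.
access-list 101 deny   ip any any log

! List 102, inbound on the ethernet: the server may answer, not originate.
! Its replies from port 80 always carry ACK, so "established" matches them.
! A connection the server tries to open starts with a bare SYN, misses the
! permit, and is dropped and logged by the deny that follows.
access-list 102 permit tcp host 192.0.2.10 eq www any established
access-list 102 deny   ip host 192.0.2.10 any log
! Everything else on the LAN (workstations) is allowed out.
access-list 102 permit ip 192.0.2.0 0.0.0.255 any

interface Serial0
 ip access-group 101 in
!
interface Ethernet0
 ip access-group 102 in
```

The established keyword matches only TCP segments with ACK or RST set, so UDP replies such as DNS answers to inside hosts need their own permit entries in list 101. show access-lists displays the per-entry match counters, which shows which lines are actually being hit.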
RE: Access Lists On Routers [7:15830]
I would agree. It all depends on your network and what you are trying to achieve with the ACLs.

D'Wayne Saunders
Network Admin
Ph:08 89507742
Fax:08 89521112
Mobile:
www.lasseters.com.au

-----Original Message-----
From: Tony van Ree [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 13, 2001 16:41
To: [EMAIL PROTECTED]
Subject: Re: Access Lists On Routers [7:15830]

Hi,

This depends on what you are trying to achieve but under most circumstances one would tend to block the traffic at the entry point. For example, if it was traffic from the WAN then block it coming in on the WAN interface. If however you wanted to see the traffic in the router for some reason then you might apply the same access-list on the ethernet going out.

So it really depends on what the needs of your access-lists are. Usually on a 1 WAN port to 1 Ethernet port incoming from the WAN do it as INCOMING on the WAN port.

Just some long winded thoughts from an older guy.

Teunis,
Hobart, Tasmania
Australia

On Monday, August 13, 2001 at 02:25:48 AM, yusuf ujjainwala wrote:

> I am a network engineer and have been assigned a task of implementing
> access lists on our routers. I have decided on implementing extended
> access lists permitting specific ports and restricting the other
> unwanted ports, but I am not sure as to where I should apply the access
> lists, on the ethernet or serial interfaces, and whether inbound or
> outbound access lists should be applied.
> Can somebody help me?
--
www.tasmail.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=15839&t=15830
Re: Access Lists On Routers [7:15830]
Hi,

This depends on what you are trying to achieve but under most circumstances one would tend to block the traffic at the entry point. For example, if it was traffic from the WAN then block it coming in on the WAN interface. If however you wanted to see the traffic in the router for some reason then you might apply the same access-list on the ethernet going out.

So it really depends on what the needs of your access-lists are. Usually on a 1 WAN port to 1 Ethernet port incoming from the WAN do it as INCOMING on the WAN port.

Just some long winded thoughts from an older guy.

Teunis,
Hobart, Tasmania
Australia

On Monday, August 13, 2001 at 02:25:48 AM, yusuf ujjainwala wrote:

> I am a network engineer and have been assigned a task of implementing
> access lists on our routers. I have decided on implementing extended
> access lists permitting specific ports and restricting the other
> unwanted ports, but I am not sure as to where I should apply the access
> lists, on the ethernet or serial interfaces, and whether inbound or
> outbound access lists should be applied.
> Can somebody help me?
--
www.tasmail.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=15834&t=15830
Access Lists On Routers [7:15830]
I am a network engineer and have been assigned a task of implementing access lists on our routers. I have decided on implementing extended access lists permitting specific ports and restricting the other unwanted ports, but I am not sure as to where I should apply the access lists, on the ethernet or serial interfaces, and whether inbound or outbound access lists should be applied.

Can somebody help me?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=15830&t=15830