Re: [c-nsp] cisco ACL filter outbound only

2020-09-16 Thread Keith Medcalf
>Sent: Wednesday, 16 September, 2020 04:39 >To: 'cisco-nsp@puck.nether.net' >Subject: RE: [c-nsp] cisco ACL filter outbound only > > >Actually standard packet filtering is supported by all Cisco products, >and most others as well. Packet filters do not do state tracking. T

Re: [c-nsp] cisco ACL filter outbound only

2020-09-16 Thread Keith Medcalf
>From: cisco-nsp on behalf of Mike > >Sent: Tuesday, September 15, 2020 8:52 AM >To: cisco-nsp@puck.nether.net >Subject: Re: [c-nsp] cisco ACL filter outbound only > >On 9/15/20 8:08 AM, Brian Turnbow wrote: >>> It just seems to me that it is indeed possible using the

Re: [c-nsp] cisco ACL filter outbound only

2020-09-15 Thread Tim Densmore
Hi Mike, Not a Cisco solution, but you might look into a pfsense/opnsense/ipfire/whatever appliance - either physical or virtual.  Even a UBNT edgerouter can do basic stateful stuff if you have one lying around. All of these are inexpensive and (probably?) do what you need done. The first

Re: [c-nsp] cisco ACL filter outbound only

2020-09-15 Thread Emille Blanc
on't work, and then you can bounce the config off TAC to get one of their "unsupported configuration" canned responses. :] From: cisco-nsp on behalf of Mike Sent: Tuesday, September 15, 2020 8:52 AM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] cisco

Re: [c-nsp] cisco ACL filter outbound only

2020-09-15 Thread Garrett Skjelstad
> From: Brian Turnbow > To: Mike , "cisco-nsp@puck.nether.net" < > cisco-nsp@puck.nether.net> > Cc: > Bcc: > Date: Tue, 15 Sep 2020 16:10:01 +0000 > Subject: RE: [c-nsp] cisco ACL filter outbound only > > > > Again, the cli seems to indicate

Re: [c-nsp] cisco ACL filter outbound only

2020-09-15 Thread Brian Turnbow via cisco-nsp
--- Begin Message --- > >     Again, the cli seems to indicate support for all the things necessary, > which > includes the idea of 'established', which is why I ask if THIS platform does > in > fact do what the cli suggests: > No it doesn't You need to understand what established does. It

Re: [c-nsp] cisco ACL filter outbound only

2020-09-15 Thread Mike
On 9/15/20 8:08 AM, Brian Turnbow wrote: >> It just seems to me that it is indeed possible using the above to put it >> together. Is this all just non-working on this platform? >> > The difference is in connection state. > An ACL does not track it so you can do > Permit tcp any any established >

Re: [c-nsp] cisco ACL filter outbound only

2020-09-15 Thread Brian Turnbow via cisco-nsp
--- Begin Message --- > > It just seems to me that it is indeed possible using the above to put it > together. Is this all just non-working on this platform? > The difference is in connection state. An ACL does not track it so you can do Permit tcp any any established Inbound or outbound on a

Re: [c-nsp] cisco ACL filter outbound only

2020-09-15 Thread Nick Griffin
It would probably help if you elaborated on what type of connections will be established through/from the device in question. Sent from my iPhone > On Sep 15, 2020, at 9:45 AM, Mike wrote: > > On 9/15/20 3:12 AM, Nick Hilliard wrote: >> Mike wrote on 15/09/2020 02:17: >>> I have some

Re: [c-nsp] cisco ACL filter outbound only

2020-09-15 Thread Mike
On 9/15/20 3:12 AM, Nick Hilliard wrote: > Mike wrote on 15/09/2020 02:17: >> I have some gear that needs a public ip, but does not have the best >> security profile, and I want to put up an ACL that only permits this >> gear to make outbound connections while dropping all inbound. My router

Re: [c-nsp] cisco ACL filter outbound only

2020-09-15 Thread Nick Hilliard
Mike wrote on 15/09/2020 02:17:     I have some gear that needs a public ip, but does not have the best security profile, and I want to put up an ACL that only permits this gear to make outbound connections while dropping all inbound. My router is an ASR920 running IOS-XE 03.17.03.S. Does

[c-nsp] cisco ACL filter outbound only

2020-09-14 Thread Mike
Hello,     I have some gear that needs a public ip, but does not have the best security profile, and I want to put up an ACL that only permits this gear to make outbound connections while dropping all inbound. My router is an ASR920 running IOS-XE 03.17.03.S. Does anyone have a simple copy/paste