Security Basics mailing list archives

RE: Re: Re: Re: Re: router access control list


From: "Erick Jensen" <ejensen () vibrant com>
Date: Mon, 6 Nov 2006 14:07:27 -0600

Well, that is a very complicated config you have; no wonder you are
having troubles.  Here are my suggestions...

1. You need only to apply the ACL on ATM0 "IN", not out, that doesn't
matter.

2. I don't see the ACLs being applied to an interface in the config you
sent.  That should show up under the interfaces.  Be sure to apply them
outgoing on the ATM0.

3. You have multiple ACLs that rely on each other.  100 and 102 can be
combined.  You have the static NAT translations bound to ACL 102, so
they wouldn't have any effect on 110 or 111.  It's the static NAT
translations that would screw me up.  

If nothing is working, maybe you want to re-think the whole layout.
Just ALLOW the ports on ethernet0.  Then you could base them on the
INSIDE addresses and not have to deal with the static NAT translations.

Maybe someone with more telco experience wants to chime in here!
 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of apaez1084 () gmail com
Sent: Monday, November 06, 2006 8:16 AM
To: security-basics () securityfocus com
Subject: Re: Re: Re: Re: Re: router access control list

OK, the ACL 111 is just a test to see if it's actually working. I'm going
to paste my show run. I'm sure it's a problem with what interface I'm
putting, and whether it is in or out. Maybe I still haven't understood that
concept. But here we go, see if someone can help, and ask me anything
you want:

Omitted.

