Security Basics mailing list archives
RE: Re: Re: Re: Re: router access control list
From: "Erick Jensen" <ejensen () vibrant com>
Date: Mon, 6 Nov 2006 14:07:27 -0600
Well, that is a very complicated config you have, no wonder you are having troubles. Here's my suggestions... 1. You need only to apply the ACL on ATM0 "IN", not out, that doesn't matter. 2. I don't see the ACLs being applied to an interface in the config you sent. That should show up under the interfaces. Be sure to apply them outgoing on the ATM0. 3. You have multiple ACLs that rely on each other. 100 and 102 can be combined. You have the static NAT translations bound to ACL 102, so they wouldn't have any effect on 110 or 111. It's the static NAT translations that would screw me up. If nothing is working, maybe you want to re-think the whole layout. Just ALLOW the ports on ethernet0. Then you could base them on the INSIDE addresses and not have to deal with the static NAT translations. Maybe someone with more telco experience wants to chime in here! -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of apaez1084 () gmail com Sent: Monday, November 06, 2006 8:16 AM To: security-basics () securityfocus com Subject: Re: Re: Re: Re: Re: router access control list ok the ACL 111 is just a test to see if its actually working. IM going to paste my show run. Im sure is a problem with what interface im puting. and weather is in or out. Maybe i still havind understood that concept. But here we go, see if someone can help, and ask me anything you want: Omitted. --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- RE: Re: Re: router access control list, (continued)
- RE: Re: Re: router access control list Erick Jensen (Nov 03)
- Re: Re: Re: Re: router access control list apaez1084 (Nov 03)
- Re: Re: Re: Re: Re: router access control list apaez1084 (Nov 06)
- RE: Re: Re: Re: Re: router access control list David Gillett (Nov 07)
- RE: Re: Re: Re: router access control list Erick Jensen (Nov 06)
- Re: Re: Re: Re: Re: router access control list apaez1084 (Nov 06)
- RE: Re: Re: Re: Re: router access control list Dixon, Wayne (Nov 06)
- Re: Re: Re: Re: Re: Re: router access control list emptybeerkann (Nov 06)
- Re: Re: Re: Re: Re: Re: Re: router access control list apaez1084 (Nov 07)
- RE: Re: Re: Re: Re: Re: Re: router access control list David Gillett (Nov 07)
- RE: Re: Re: Re: Re: router access control list Erick Jensen (Nov 07)