07-23-2007 12:38 PM - edited 03-11-2019 03:48 AM
Hello,
I have CBAC configured on an ISR and was wondering if temporary openings in ACLs will always show up when committing the "show ip access-list" command. My assumption is that CBAC is not really opening temporary ports on ACLs at all if it doesn't show.
-Shikamaru
07-23-2007 01:50 PM
Shikamaru,
Your understanding is correct. You should see the temporary entries when you issue the 'show ip access-list' command. If you don't see the entry then the traffic isn't being permitted by CBAC.
HTH
Sundar
07-23-2007 02:01 PM
Sundar, help me understand. I always thought that, especially in the case of CBAC, traffic isn't being filtered by CBAC that it passes through the ACL via temporary opening anyway. The reason I mention this is because CBAC on the firewall feature set can't filter every kind of traffic. So, if something makes it through the interface and CBAC doesn't have a protocol entry for it in the "ip inspect X" list, isn't it allowed to go through?
-Shikamaru
07-23-2007 02:20 PM
Yes that's correct.
CBAC will only create temporary opening(s) for the return traffic that's configured to be inspected in the first place. Typically traffic from the inside is inspected to create a temporary opening for return traffic on the outside interface.
HTH
Sundar
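The arrangement discussed in this thread, as an added configuration sketch that is not part of the original posts: inside-originated TCP and UDP are inspected, and the outside interface carries an inbound ACL that denies everything else. The rule name FW, ACL number 101 and the interface names are assumptions chosen for illustration.

```cisco
! Inspection rule (name FW is an assumption): only TCP and UDP are listed,
! so only these protocols get temporary openings for their return traffic.
ip inspect name FW tcp
ip inspect name FW udp
!
! Inbound ACL for the outside interface (number 101 is an assumption).
! Return traffic for inspected sessions is allowed by CBAC's temporary
! openings; everything else is matched against this ACL and dropped.
access-list 101 deny ip any any log
!
interface FastEthernet0/0
 description inside (assumed interface name)
 ! Inspect sessions as they enter from the inside network
 ip inspect FW in
!
interface FastEthernet0/1
 description outside (assumed interface name)
 ip access-group 101 in
!
! Verification from exec mode:
!   show ip inspect sessions    - sessions CBAC is currently tracking
!   show ip access-lists 101    - the ACL and its match counters
```

A protocol that is not named in the inspection rule, such as ICMP here, gets no temporary opening, so its replies are evaluated against ACL 101 alone and need an explicit permit entry if they are to be allowed back in.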