Does CBAC require an inbound ACL to function?
05-14-2012 11:49 AM - edited 03-04-2019 04:20 PM
Having issues getting CBAC to work - does my configuration also require an ACL inbound on the port config below that does "deny any any" etc., and then CBAC uses this ACL to open ports selectively?
interface GigabitEthernet0/0
 description DS-WAN
 ip address 173.228.21.210 255.255.255.240
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat outside
 ip inspect SDM_LOW out
 ip virtual-reassembly in
 duplex full
 speed 100
 crypto map VPN_MAP
 service-policy output IPCoS
thanks,
Simon
- Labels: Routing Protocols
05-14-2012 11:54 AM
Hi Simon,
What about your CBAC is not 'working'?
If you do not have an ACL configured inbound, it will not affect your inspect outbound, but if this is a WAN interface, why wouldn't you have an ACL for inbound traffic?
Please provide more info such as what is not working, and what is the goal you're trying to achieve by implementing CBAC. With this information, I can be of more help.
Kind Regards,
Kevin
05-14-2012 11:57 AM
Actually I'm double checking my IT guy's config. He didn't put an ACL inbound. My understanding is that I should have an ACL for inbound and then CBAC piggy-backs on this ACL to open up for inbound traffic that matches the inspected outbound traffic by session ID etc.
Simon
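
An added example, not part of the thread or the poster's configuration: the posted interface with an inbound ACL applied, so that `ip inspect SDM_LOW out` has a default-deny policy to open temporary return paths through. The ACL name `WAN-IN` is hypothetical, and the ISAKMP/ESP permits are an assumption based on `crypto map VPN_MAP` being applied to this interface.

```cisco
! Added example. WAN-IN is a hypothetical ACL name.
!
! As posted: outbound inspection only, no inbound ACL. With no ACL the
! interface accepts all inbound packets, so inspection has nothing to
! open and unsolicited inbound traffic is not filtered here.
!
!   interface GigabitEthernet0/0
!    ip inspect SDM_LOW out
!
! With an inbound ACL that denies by default:
ip access-list extended WAN-IN
 remark Assumed: IPsec peers terminate on this address (crypto map VPN_MAP)
 permit udp any host 173.228.21.210 eq isakmp
 permit udp any host 173.228.21.210 eq non500-isakmp
 permit esp any host 173.228.21.210
 remark Everything else is dropped unless inspection allows it as return traffic
 deny   ip any any log
!
interface GigabitEthernet0/0
 ip access-group WAN-IN in
 ip inspect SDM_LOW out
!
! Checks after applying:
!   show ip inspect sessions      (sessions the inspection rule is tracking)
!   show ip access-lists WAN-IN   (per-line hit counts, including the deny)
```

The contents of the `SDM_LOW` inspection rule are not shown in the thread; return traffic for any protocol that rule does not inspect will hit the final deny and needs either an inspect entry or an explicit permit.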
