Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
888
Views
0
Helpful
2
Replies

Does CBAC require an inbound ACL to function?

simonwynn
Level 1
Level 1

‎05-14-2012 11:49 AM - edited ‎03-04-2019 04:20 PM

Having issues getting CBAC to work - does my confiuguration also require an ACL inbound on the port config below that does "deny any any" etc. then CBAC uses this ACl top open ports selectively etc,.

interface GigabitEthernet0/0

description DS-WAN

ip address 173.228.21.210 255.255.255.240

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat outside

ip inspect SDM_LOW out

ip virtual-reassembly in

duplex full

speed 100

crypto map VPN_MAP

service-policy output IPCoS

thanks,

Simon

Labels:
0 Helpful
2 Replies 2

Kevin P Sheahan
Level 5
Level 5

‎05-14-2012 11:54 AM

Hi Simon,

What about your CBAC is not 'working'?

If you do not have an ACL configured inbound it will not affect your inspect outbound but if this is a WAN interface why wouldn't you have an ACL for inbound traffic?

Please provide more info such as what is not working, and what is the goal you're trying to achieve by implementing CBAC. With this information, I can be of more help.

Kind Regards,

Kevin

Kind Regards, Kevin Sheahan, CCIE # 41349
0 Helpful

simonwynn
Level 1
Level 1
In response to Kevin P Sheahan

‎05-14-2012 11:57 AM

Actually I'm double checking my IT guys config. He didn't put an ACL inbound. My understanding is that I should have an ACL for inbound and then CBAC piggy-backs on this ACL to open up for inbound traffic that matches the inspected outbound traffic by session ID etc.

Simon

0 Helpful
Customers Also Viewed These Support Documents