10-05-2009 11:18 PM - edited 03-06-2019 08:00 AM
I need to apply bogons list on my internet facing router in my organisation . suggest me were i need to apply this bogons list , whether to the interface which holding teleco circuit . for eg
interface faE 0/0
ip address 202.88.X.X 255.255.255.252
ip access group bogon_list in
else on my inside interface which is holding my Lan segment for Vpn server , webserver etc .
interface faE0/1
ip address 202.88.X.X 255.255.255.240
ip access group bogon_list in
if not i can apply on my inside interface on out side direction
ip access grop bogon_list out .
which is the better way suggest me . where to apply this . how this will prevent from outside access
Solved! Go to Solution.
10-05-2009 11:45 PM
Applying the bogon on the inbound of the outside (Telco) will allow you to protect your Internet facing router also. If you apply the bogon on inside interface, your Internet router will not be protected. (I've edited my previous post after posting)
You should put permit ip any any after the bogon to allow all other traffic.
Regards,
jerry
10-05-2009 11:36 PM
The bogon access list should be applied on the inbound of the outside interface (Telco circuit). This will allow you to protect your Internet facing router also. If you apply the bogon on inside interface, your Internet router will not be protected.
HTH,
jerry
10-05-2009 11:41 PM
Hi jerry
whether i can apply to outbound direction of inside interface ( Lan segment ) .
applying to inbound direction on outside interface ( Teleco circuit ) or to outbound direction of inside interface ( Lan segment ) meaning of the both is same or different , kindly clarify me on this plz . Thank you .
below to the bogons list whether i can apply permit ip any any statement to allow other ip traffic to permit inside to my lan segment
10-05-2009 11:45 PM
Applying the bogon on the inbound of the outside (Telco) will allow you to protect your Internet facing router also. If you apply the bogon on inside interface, your Internet router will not be protected. (I've edited my previous post after posting)
You should put permit ip any any after the bogon to allow all other traffic.
Regards,
jerry
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide