IP Inspect

Oct 27th, 2007

In a book I just read, the chapter on IP Inspect tells you the ACL should be applied on the untrusted interface inbound, and so should the IP inspect rule. Now I agree with the ACL, however surely the IP inspect rule should be placed outbound on the untrusted interface? I tried this as well and my suggestion works and the other way doesn't.

sundar.palaniappan Sat, 10/27/2007 - 20:32

Your understanding is correct and it may be a typo error in the book. The IP inspect command should be applied outbound on the untrusted interface or inbound on the trusted interface. This way the router can inspect the traffic leaving the router and create a temporary dynamic opening for the return traffic on the ACL applied on the untrusted interface.


HTH


Sundar
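
The placement discussed in this thread, as an added IOS configuration example that is not part of either post: the ACL sits inbound on the untrusted interface and the inspection rule sits outbound on that same interface. The interface names, the ACL number 101 and the rule name FWOUT are assumptions chosen for illustration.

```cisco
! Constructed example. Assumed topology:
!   FastEthernet0/0 = trusted (inside)
!   FastEthernet0/1 = untrusted (outside)

! Inspection rule: protocols whose sessions the router tracks
ip inspect name FWOUT tcp
ip inspect name FWOUT udp
ip inspect name FWOUT icmp

! ACL for the untrusted interface, inbound: drop unsolicited traffic.
! For each inspected outbound session the router adds a temporary
! permit entry ahead of this deny so the return traffic is allowed.
access-list 101 deny ip any any log

interface FastEthernet0/1
 description untrusted (outside)
 ip access-group 101 in
 ip inspect FWOUT out

! Alternative with the same effect: inspect the traffic as it
! enters the router from the trusted side instead.
! interface FastEthernet0/0
!  description trusted (inside)
!  ip inspect FWOUT in
```

With a session open from the inside, `show ip inspect sessions` lists the tracked connection and `show ip access-lists 101` shows the temporary permit entries created for its return traffic.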
