I've a question regarding the email topic:
How's the behavior of ASA/PIX ACL vs Router ACL?
Let's say for Router:
R1 (s0/0) --- (s0/0) R2 --- CS-ACS
- R1 has an inbound ACL on interface s0/0
- R1 and R2 running OSPF
- Therefore, we need an "access-list 120 permit ospf host (R2_s0/0) host (R1_s0/0)" to allow OSPF adjacencies to come up and advertise networks
- R1 will also need another ACL entry to enable RADIUS: "access-list 120 permit udp host (CS-ACS) host (R1_s0/0) eq 1645"
However, for a PIX/ASA case:
PIX/ASA (outside) --- (s0/0) R2 --- CS-ACS
- PIX/ASA does not require any ACL to achieve the above (unless for traffic transiting the PIX/ASA, then we need to allow outside to inside ACL)
The ACL implementations are totally different for the two devices. Can anyone help to explain the above behavior and point me to a URL which has a good explanation? :)
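As an added side-by-side illustration (not from the original post, with constructed addresses R1 s0/0 = 10.0.0.1, R2 s0/0 = 10.0.0.2, CS-ACS = 10.0.1.10 and placeholder keys), the two configurations below show why the router's inbound interface ACL must explicitly name traffic addressed to the router itself, while the ASA's interface ACL is only consulted for traffic passing through the ASA:

```cisco
! ---- R1 (IOS router) ----
! An inbound interface ACL is evaluated for BOTH transit traffic and
! traffic addressed to the router itself, so the router's own
! control-plane flows (OSPF, RADIUS replies) need explicit permits.
ip access-list extended FROM-R2
 ! OSPF on a point-to-point link is sent to 224.0.0.5, so match any dst
 permit ospf host 10.0.0.2 any
 ! RADIUS auth replies: source port 1645 on ACS, ephemeral port on R1
 permit udp host 10.0.1.10 eq 1645 host 10.0.0.1
 ! Transit traffic R1 is expected to forward (constructed example)
 permit ip 10.0.1.0 0.0.0.255 192.168.1.0 0.0.0.255
 ! Make the implicit deny visible so dropped control-plane traffic
 ! (a lost adjacency, an unanswered RADIUS request) shows up in syslog
 deny ip any any log
!
interface Serial0/0
 ip address 10.0.0.1 255.255.255.252
 ip access-group FROM-R2 in
!
router ospf 1
 network 10.0.0.0 0.0.0.3 area 0
!
radius-server host 10.0.1.10 auth-port 1645 acct-port 1646 key PLACEHOLDER_KEY

! ---- ASA (same role, outside interface facing R2) ----
! The interface ACL bound with access-group only filters traffic going
! THROUGH the ASA. Traffic terminating on the ASA (its own OSPF adjacency,
! its RADIUS requests to ACS) is governed by the feature configuration
! below, so OUTSIDE-IN needs no entries for it.
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 10.0.0.1 255.255.255.252
!
router ospf 1
 network 10.0.0.0 255.255.255.252 area 0
!
aaa-server ACS protocol radius
aaa-server ACS (outside) host 10.0.1.10
 key PLACEHOLDER_KEY
 authentication-port 1645
!
! Needed only for outside-to-inside TRANSIT sessions; stateful inspection
! already admits return traffic for sessions initiated from the inside.
access-list OUTSIDE-IN extended permit tcp any host 192.168.1.10 eq 443
access-group OUTSIDE-IN in interface outside
```

On later ASA releases an ACL can additionally be bound with the `control-plane` keyword on `access-group` to filter to-the-box traffic separately; without it, traffic addressed to the ASA is never matched against the interface ACL at all.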