Statefull Packet Inspection

Unanswered Question
vikram_anumukonda Sun, 02/22/2009 - 04:57

you will have to replace the "echo-reply" with "echo" in access-list 100 for a start, without which you will not be able to initiate a ping from unprotected networks.

and permit for ftp-data 20 , i don't think it's required as you are inspecting ftp connections originating from your protected network. Rest everything looks fine.

vikram_anumukonda Mon, 02/23/2009 - 00:09

Hi Ashish,

The directions are correct, the inspections configured inbound are going to punch holes in the ACL 100 to accomodate the return traffic.

Vikram

Actions

This Discussion