Statefull Packet Inspection

Unanswered Question
vikram_anumukonda Sun, 02/22/2009 - 04:57
User Badges:
  • Bronze, 100 points or more

you will have to replace the "echo-reply" with "echo" in access-list 100 for a start, without which you will not be able to initiate a ping from unprotected networks.


and permit for ftp-data 20 , i don't think it's required as you are inspecting ftp connections originating from your protected network. Rest everything looks fine.

vikram_anumukonda Mon, 02/23/2009 - 00:09
User Badges:
  • Bronze, 100 points or more

Hi Ashish,


The directions are correct, the inspections configured inbound are going to punch holes in the ACL 100 to accomodate the return traffic.



Vikram

Actions

This Discussion