Best practice for CBAC

falain
Level 1

Hi all,

I am running IOS FW 12.4 on an ISR 2821:

13 DMZ on gig0/1 sub intfs

1 inside intf on gig0/0

1 outside intf on vlan1 (hwic 4 FE port)

I need ip inspection to allow return traffic to come back.

I can apply ip inspection on an interface with 2 methods:

1) on ingress traffic (ip inspect <name> in)

2) on egress traffic (ip inspect <name> out)

On each interface I apply an ACL on ingress traffic (ip access-group <ACL> in)

What is the best practice for a couple of interfaces:

1) Ingress intf: ip access-group <acl> in

Egress intf: ip inspect <cbac> out

2) Ingress intf: ip access-group <acl> in

Ingress intf: ip inspect <cbac> in

Egress intf: nothing

Most Cisco samples talk only about the 2nd case.

Regards,

Alain
