We want to restrict a Foundstone scanning box to only scan certain subnets on a pair of trunked switches. I've added an extended ACL to both switches (also tried a standard ACL) restricting the Foundstone box's access to certain devices.
Extended IP access list FOUNDSTONE
10 deny ip host 10.211.100.18 host 10.210.100.11
20 permit ip any any
Now for some reason traffic is still hitting 10.210.100.11 from 10.211.100.18 with the above ACL applied inbound on the links from these two switches back to the core switches. How is that possible? There are no other trunks to other switches.
I performed a packet capture on host 10.210.100.11 and I see the traffic making its way through. The Foundstone box is sending traffic using the T.125 protocol, which from what I have read is IP.
Has anyone had this problem before with T.125/Foundstone, traffic making its way through an ACL? How can this be possible?
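As an added illustration (not part of the original post), here is a small Python evaluator for Cisco-style ACL first-match semantics, run against the exact two entries above. It assumes only that `ip` in an entry matches every IP protocol and that an unmatched packet hits the implicit deny; the extra ACL line in the test cases is constructed for illustration.

```python
import ipaddress


def _ip(s):
    """Dotted-quad string to 32-bit int."""
    return int(ipaddress.IPv4Address(s))


def _parse_addr(tokens, i):
    """Parse one address spec in Cisco ACE syntax: any | host A.B.C.D | A.B.C.D WILDCARD.
    Returns ((base, wildcard), next_index); wildcard bits set to 1 are 'don't care'."""
    tok = tokens[i]
    if tok == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tok == "host":
        return (_ip(tokens[i + 1]), 0), i + 2
    return (_ip(tok), _ip(tokens[i + 1])), i + 2


def _matches(spec, ip):
    """Compare only the bits the wildcard mask says we care about (non-contiguous masks work too)."""
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF
    return (_ip(ip) & care) == (base & care)


def parse_ace(line):
    """Parse e.g. '10 deny ip host 10.211.100.18 host 10.210.100.11' into its fields."""
    tokens = line.split()
    seq, action, proto = int(tokens[0]), tokens[1], tokens[2]
    src, i = _parse_addr(tokens, 3)
    dst, _ = _parse_addr(tokens, i)
    return {"seq": seq, "action": action, "proto": proto, "src": src, "dst": dst}


def evaluate(acl_lines, src_ip, dst_ip, proto):
    """First match in sequence order wins; returns (action, seq).
    No match at all falls through to the implicit deny, reported as ('deny', None)."""
    for ace in sorted((parse_ace(l) for l in acl_lines), key=lambda a: a["seq"]):
        proto_ok = ace["proto"] == "ip" or ace["proto"] == proto
        if proto_ok and _matches(ace["src"], src_ip) and _matches(ace["dst"], dst_ip):
            return ace["action"], ace["seq"]
    return "deny", None


# The two entries from the post's "show access-list" output.
FOUNDSTONE_ACL = [
    "10 deny ip host 10.211.100.18 host 10.210.100.11",
    "20 permit ip any any",
]

if __name__ == "__main__":
    # 'ip' matches any IP protocol, so whatever carries T.125 still hits entry 10.
    print(evaluate(FOUNDSTONE_ACL, "10.211.100.18", "10.210.100.11", "tcp"))  # ('deny', 10)
    print(evaluate(FOUNDSTONE_ACL, "10.211.100.18", "10.210.100.12", "tcp"))  # ('permit', 20)
```

Because entry 10 matches the scanner-to-target flow for any IP protocol, the entry itself is not the gap; the check that remains is where the ACL is applied (interface, direction) and whether that flow actually crosses those links at all.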