I'm trying to protect my network using an access-list. What's inside are gatekeepers and a billing system plus some other services, but the below access-list won't work if my last statement says deny ip any any. What am I doing wrong, please? Please note this access-list has been applied at the WAN interface as inbound. Obviously I've got to allow some extra traffic through, but I'm not sure what protocols to allow without compromising the security.
Create access lists for each protocol you wish to filter, per router interface. For some protocols, you create one access list to filter inbound traffic, and one access list to filter outbound traffic.
To create an access list, you specify the protocol to filter, you assign a unique name or number to the access list, and you define packet filtering criteria. A single access list can have multiple filtering criteria statements.
I've got this doc and do understand what's required, i.e. what to filter and where to apply them, but my question was: why, when I apply my list with deny ip any any, do I lose the connection to the internet? Any idea what's missing from the list? Maybe I need to draw a LAN/WAN map and explain to you what I'm trying to protect; please let me know if that's needed.