This allows the "router generated" traffic, both TCP and UDP in this case, to be inspected and allowed or "pinholed" back in through the external access-list. Without this command, only traffic coming from the interface where you have applied the inspection rule will be allowed back in. Another instance where this command is useful is if you need to TFTP or FTP traffic like IOS images etc. to the router and you have inspection enabled on the inside interface.

From: [email protected] [mailto:[email protected]] On Behalf Of Terry Little (terlittl)
Sent: Thursday, March 11, 2010 2:09 PM
To: [email protected]
Subject: [OSL | CCIE_Security] lab 2 sec 2.6

In the solution the setup for the CBAC FW includes the router-traffic option. I can't find in the lab directions what requires that option. Can someone please let me know why this option is required/used.

Terry Little
[email protected]
Phone: +1 425 468 1057
Mobile: +1 425 894 4109
Cisco Systems, Inc.
Network Consulting Engineer
World Wide Security Services Practice
Cisco.com - http://www.cisco.com
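
The behaviour described in the reply at the top of this thread, as an added configuration example that is not part of the original messages or the lab solution. The rule name FW, the ACL name EXT_IN and the interface are assumptions.

```cisco
! Added example. FW, EXT_IN and FastEthernet0/1 are assumed names.
!
! External ACL: nothing is permitted inbound unless CBAC opens a
! temporary entry ("pinhole") for return traffic of an inspected session.
ip access-list extended EXT_IN
 deny ip any any log
!
! Without router-traffic, only sessions passing through the router are
! inspected. Sessions the router itself originates get no pinhole, so
! their replies are dropped by EXT_IN:
!   ip inspect name FW tcp
!   ip inspect name FW udp
!
! With router-traffic, TCP and UDP sessions originated by the router
! are inspected as well, and their return traffic is allowed back in.
ip inspect name FW tcp router-traffic
ip inspect name FW udp router-traffic
!
interface FastEthernet0/1
 description outside
 ip access-group EXT_IN in
 ip inspect FW out
```

After starting a session from the router itself, `show ip inspect sessions` lists that session if it is being inspected.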
