You would need to allow it inbound on the ACL.

 

Regards,

 

Tyson Scott - CCIE #13513 R&S, Security, and SP

Technical Instructor - IPexpert, Inc.

Mailto: [email protected]

Telephone: +1.810.326.1444, ext. 208

Live Assistance, Please visit: www.ipexpert.com/chat

eFax: +1.810.454.0130

 


 

From: [email protected] [mailto:[email protected]] On Behalf Of Dnyaneshwar Gore
Sent: Tuesday, May 18, 2010 5:49 AM
To: [email protected]
Subject: [OSL | CCIE_Security] Yusuf Lab 2 - Q2.4

 

Hi All,

One doubt about CBAC functionality:

CBAC allows only return traffic originated from inside. In this question,
CBAC is configured on Giga0/0 in the "out" direction, and an access-list is
blocking everything except OSPF and ICMP in the "in" direction. CBAC is
protecting SW1.

My query is: How is R6 able to telnet on port 8080 to the SW1 IP address
192.168.41.2, as this traffic is not returned traffic? There is no state
information for this traffic. This will be allowed only as returned traffic
as per CBAC functionality.

Please help me to understand this behavior.


Regards,
DMG
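
The behaviour discussed in this thread, as a simplified Python model added here for illustration (it is not part of either email and is not IOS code): inspected outbound sessions open a path for their own return traffic, while an outside-initiated connection such as the one to 192.168.41.2 on port 8080 passes only if the inbound ACL permits it. The R6 and outside-server addresses, the port numbers other than 8080 and all class and function names are constructed assumptions.

```python
from dataclasses import dataclass

SW1 = "192.168.41.2"        # protected host, from the thread
R6 = "10.0.0.6"             # constructed outside address standing in for R6
SERVER = "198.51.100.10"    # constructed outside server

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class Firewall:
    def __init__(self, inbound_acl):
        self.inbound_acl = inbound_acl   # permit rules; implicit deny at the end
        self.sessions = set()            # state created by inspection

    def outbound(self, p):
        """Inside -> outside: inspection records the flow so its replies can return."""
        self.sessions.add((p.proto, p.dst, p.dport, p.src, p.sport))
        return True

    def inbound(self, p):
        """Outside -> inside: replies to inspected sessions pass; all else needs the ACL."""
        if (p.proto, p.src, p.sport, p.dst, p.dport) in self.sessions:
            return True
        return any(rule(p) for rule in self.inbound_acl)

def base_acl():
    # The ACL described in the thread: only OSPF and ICMP are permitted inbound.
    return [lambda p: p.proto == "ospf", lambda p: p.proto == "icmp"]

def permit_8080(p):
    # The extra inbound entry the reply calls for.
    return p.proto == "tcp" and p.dst == SW1 and p.dport == 8080

def demo():
    fw = Firewall(base_acl())
    fw.outbound(Packet("tcp", SW1, 40000, SERVER, 80))        # SW1 opens a session
    reply = fw.inbound(Packet("tcp", SERVER, 80, SW1, 40000)) # its return traffic
    syn = Packet("tcp", R6, 50000, SW1, 8080)                 # R6 initiates from outside
    before = fw.inbound(syn)                                  # no state, no ACL entry
    fw.inbound_acl.append(permit_8080)
    after = fw.inbound(syn)                                   # ACL entry now matches
    return reply, before, after

if __name__ == "__main__":
    print(demo())
```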


