Thanks, Kings.
I think what I am asking for is an ACL that can be used to quickly determine which packets are blocked/denied so that they can be allowed.

From: Kingsley Charles [mailto:[email protected]]
Sent: 14 June 2010 07:18 PM
To: Johan Bornman
Cc: OSL Security
Subject: Re: [OSL | CCIE_Security] IOS Firewalls

Hi Johan

The tasks will mostly hint you what should be allowed. The FW configuration will be section 2.0, which is ahead of almost all tasks, and at that time mostly you may need to allow the routing protocols.

As you start other tasks after section 2.0, you need to open the FW. For example, if the IOS FW is on the way to the AAA server, you may need to open TACACS or RADIUS. But, mostly you may need to open on the ASA. The ASA is always put in between IPSec, AAA servers, ntp etc. If you are aware of the topology, it will strike you.

With regards
Kings

On Mon, Jun 14, 2010 at 9:57 PM, Johan Bornman <[email protected]> wrote:

Hi,

What is the best or quickest way to check if I am blocking anything I should not be blocking after configuring IOS firewalls and filtering?

Thanks
Johan

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com <http://www.ipexpert.com/>
