I see now in the DSG for task 2.8 Tyson also have deny ip any any log to identify forgotten ports.
From: Jimmy Larsson [mailto:[email protected]] Sent: 14 June 2010 07:22 PM To: Johan Bornman Cc: OSL Security Subject: Re: [OSL | CCIE_Security] IOS Firewalls Hi Johan I always add "ip inspect log drop" whenever I inspect something and "deny ip any any log" when blocking traffic with acl. Br Jimmy 2010/6/14 Johan Bornman <[email protected]> Hi, What is the best or quickest way to check if I am blocking anything I should not be blocking after configuring IOS firewalls and filtering? Thanks Johan _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com -- ------- Jimmy Larsson Ryavagen 173 s-26030 Vallakra Sweden http://blogg.kvistofta.nu -------
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
