Hello All,

I was going through the CBAC section of the doc-cd yesterday and I found this:

(Other IP traffic, such as ICMP, cannot be inspected with CBAC and should be filtered with basic access lists instead.)

I thought CBAC inspects ICMP, and I labbed it up. I found that ICMP traffic triggered CBAC session creation and the return traffic was permitted (even though I had a "deny ip any any" access-list on the outside interface in an inbound direction).

Here's the article -> http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_cfg_content_ac_ps6441_TSD_Products_Configuration_Guide_Chapter.html

Would appreciate your thoughts on this.

Cheers,
TacACK
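A lab configuration of the kind the post describes, added here as an example and not taken from the original post or from Cisco's guide. The rule name, ACL name and interface names are assumptions, and it presumes an IOS release that accepts the `icmp` keyword for `ip inspect name`.

```cisco
! Constructed lab configuration (names and interfaces are assumptions).
!
! CBAC inspection rule that tracks ICMP sessions started from the inside.
ip inspect name CBAC-ICMP icmp
!
! Inbound ACL on the outside interface: everything is denied unless
! CBAC has state for it.
ip access-list extended OUTSIDE-IN
 deny ip any any
!
interface FastEthernet0/0
 description inside
 ! Inspect traffic as it enters the router from the inside network.
 ip inspect CBAC-ICMP in
!
interface FastEthernet0/1
 description outside
 ip access-group OUTSIDE-IN in
!
! Checks to run after pinging an outside host from an inside host:
!   show ip inspect sessions          (look for an icmp session entry)
!   show ip access-lists OUTSIDE-IN   (compare deny hit counts)
!
! Control test: remove "ip inspect CBAC-ICMP in" from the inside
! interface and repeat the ping. If the replies now hit the deny entry,
! the earlier success came from inspection and not from another path.
```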
