Hey all When securing your router according to RFC 2827 for the lab exam, would it be a good idea to configure both an inbound and an outbound ACL, as in the configuration below, or just an inbound ACL.
The configuration assumes the following: - interface fa0/0 is the unsecure interface - the following public range is used internally too - 184.1.0.0/16 ip access-list ext INBOUND deny ip 10.0.0.0 0.255.255.255 any deny ip 172.16.0.0 0.15.255.255 any deny ip 192.168.0.0 0.0.255.255 any deny ip 184.1.0.0 0.0.255.255 any permit ip any any ip access-list ext OUTBOUND permit ip 10.0.0.0 0.255.255.255 any permit ip 172.16.0.0 0.15.255.255 any permit ip 192.168.0.0 0.0.255.255 any permit ip 184.1.0.0 0.0.255.255 any deny ip any any interface fa 0/0 ip access-group INBOUND in ip access-group OUTBOUND out Thanks, Mark
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
