Guys, am I supposed to see dynamic entries in the ACL by doing "show ip access-list" after the CBAC firewall has created a temporary hole while matching the defined inspection rule? I see only those that I defined in the ACL applied to the interface. Currently I'm able to see some details about dynamic entries created by running "show ip inspect session detail":

R3#show ip inspect session detail
Established Sessions
Session 64D265B0 (136.1.23.2:8)=>(150.1.1.1:0) icmp SIS_OPEN
Created 00:00:03, Last heard 00:00:03
ECHO request
Bytes sent (initiator:responder) [360:360]
In SID 150.1.1.1[0:0]=>136.1.23.2[0:0] on ACL VLAN13-EGRESS (5 matches)
In SID 0.0.0.0[0:0]=>136.1.23.2[3:3] on ACL VLAN13-EGRESS
In SID 0.0.0.0[0:0]=>136.1.23.2[11:11] on ACL VLAN13-EGRESS

Eugene
