Use the following logic with CBAC ip inspect name fw fragment maximum - for outbound
ip virtual-reassembly - for inbound With regards Kings On Tue, Jun 19, 2012 at 9:10 AM, Johan Bornman <[email protected]> wrote: > Anthony,**** > > ** ** > > Thanks for your daily bit on the challenge. I am following it as I will > also do my lab around the same time.**** > > ** ** > > I am under the impression that virtual-reassembly always has to be applied > to the “outside” int when CBAC and ZBF is used. Is this correct?**** > > ** ** > > I am busy with a VII IPEXPERT lab where this was not done. **** > > ** ** > > Thanks**** > > ** ** > > Johan**** > > ** ** > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Anthony Sequeira > *Sent:* 18 June 2012 03:33 PM > *To:* [email protected] > > *Cc:* CCIE Security > *Subject:* Re: [OSL | CCIE_Security] Protecting Against Fragmentation > Attacks**** > > ** ** > > I did not test standalone and saw no documentation that led me to believe > it would work standalone. **** > > ** ** > > *From:* Alexei Monastyrnyi [mailto:[email protected]] > *Sent:* Monday, June 18, 2012 7:55 AM > *To:* Anthony Sequeira > *Cc:* CCIE Security > *Subject:* Re: [OSL | CCIE_Security] Protecting Against Fragmentation > Attacks**** > > ** ** > > Hi Anthony. > > Mentioning ip virtual-reassembly as a part of CBAC/ZBF, did you actually > test this as a standalone feature or did you always use it as a part of > your CBAC/ZBF configuration? > > Cheers > A. > **** > > On 6/18/2012 12:22 PM, Anthony Sequeira wrote:**** > > Here is a post I did today on this topic. **** > > ** ** > > http://blog.ipexpert.com/2012/06/17/ccie-security-challenge-–-day-22-of-120-–-fragment-attacks/**** > > ** ** > > See anything I am missing? Thanks in advance! **** > > ** ** > > _______________________________________________**** > > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com**** > > ** ** > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com**** > > ** ** > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
