Re: CBAC QUestion

Mon, 03 Jul 2000 06:06:09 -0700 

Paco,

That amount of config you gave us isnt going to cut it.  We'll need to see
your WAN interface configuration as well.

Also, you mentioned DMZ...are you trying to have people from the outside
come in to access your internal servers?  If so, CBACs setup the way you
have wont work.  You'll need an access-list to allow it in.

ttyl,
-Brad
""Paco Garc�a"" <[EMAIL PROTECTED]> wrote in message
8jpko1$fu0$[EMAIL PROTECTED]">news:8jpko1$fu0$[EMAIL PROTECTED]...
> I�m just configuring a IP IOS Firewall in a Cisco 3620. I see that the
> firewall don�t work, and I don�t know why. In my topology, CBAC is
> configured for the internal interface eth0, this allow access to services
in
> the DMZ (eth1). My configuration is:
>
> ip inspect max-incomplete high 1100
> ip inspect one-minute high 1100
> ip inspect name difirewall cuseeme
> ip inspect name difirewall fragment maximum 256 timeout 1
> ip inspect name difirewall ftp
> ip inspect name difirewall h323
> ip inspect name difirewall netshow
> ip inspect name difirewall rcmd
> ip inspect name difirewall realaudio
> ip inspect name difirewall rtsp
> ip inspect name difirewall smtp
> ip inspect name difirewall sqlnet
> ip inspect name difirewall streamworks
> ip inspect name difirewall tcp
> ip inspect name difirewall tftp
> ip inspect name difirewall udp
> ip inspect name difirewall vdolive
> ip inspect name difirewall http java-list 51
> ip audit notify log
> ip audit po max-events 100
>
> interface Ethernet0/1
>   ip address 172.16.1.1 255.255.0.0
>  ip access-group 100 out
>  no ip directed-broadcast
>  ip nat inside
>  ip inspect difirewall in
>
>
> ___________________________________
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> ---


___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to