for chrissakes,, don't be so literal,,,concept is important,,, the response was written in that manner..not to hold his hand...

we are not filtering the serial interface, we are doing route selection. it's an outbound interface....did you not read the first email? we are not trying to give him an exhaustive access list; indeed we are trying to alleviate the need to reference the access list. this is NOT inbound traffic, it is outbound..go study on the sequence of events that packets are sent thru during outbound processing.. sheeesh...go away. piranha...

-----Original Message-----
From: Network Operations [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 12, 2002 11:13 AM
To: [EMAIL PROTECTED]
Subject: Re: ACL's and private address space

Actually if you filtered the Serial interface you would be blocking Incoming traffic (if it's your "Outside" interface) and filtering on the Ethernet side would be blocking Outgoing traffic.

You definitely want to block your own network traffic from coming back in from the Outside. Say if you are using 10.0.0.0 on your LAN you would want to Deny 10.0.0.0 traffic on your Serial interface. This will prevent someone on the internet from (spoofing) giving themselves an address in your address space and trying to authenticate to your internal services. (this should be firewalled to prevent this anyway but...)

From your description, if you block 10.0.0.0 on the Eth0 interface, your users would not be able to authenticate to the Access servers.

Hopefully this helps (probably not but...you get what you pay for right?)

cheers
Marc

>>> "james" <[EMAIL PROTECTED]> 03/12/02 10:18AM >>>

I am seeking to use ACL's to block the outbound traffic on private addresses that many of our remote POP's are producing. Remote POP's consist of a Cisco router (2500/2600's) and various access servers. I understand it is better to filter this at the source of the problem and not the exterior gateways.

At the remote POP, should I apply these ACL's (Blocking 10.0.0.0, etc. private networks) to the Ethernet interface, incoming or the serial interfaces, outgoing?

Serial interfaces would be the T-1 connections to the outside network and Ethernet interface is how the access servers are connected (via a switch) to the access servers.

james

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
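The question in this thread is which interface and direction an ACL for private address space is bound to. The following Python model is an added example, not code from any poster: it evaluates first-match ACLs bound to an (interface, direction) pair on a two-interface router. The interface names `Ethernet0` and `Serial0`, the rule layout and all sample addresses are assumptions constructed for the illustration.

```python
import ipaddress

# Constructed ACLs for a hypothetical POP router: Ethernet0 = LAN side, Serial0 = T-1 uplink.
# Each rule is (action, source network, destination network); the first match wins.
ANY = "0.0.0.0/0"
PRIVATE = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")  # RFC 1918

def build_acl(private_as_source, private_as_dest):
    rules = []
    if private_as_source:
        rules += [("deny", p, ANY) for p in PRIVATE]
    if private_as_dest:
        rules += [("deny", ANY, p) for p in PRIVATE]
    rules.append(("permit", ANY, ANY))  # explicit permit ahead of the implicit deny
    return [(a, ipaddress.ip_network(s), ipaddress.ip_network(d)) for a, s, d in rules]

# ACLs are bound to an (interface, direction) pair, as in the thread's question.
BINDINGS = {
    ("Serial0", "out"): build_acl(True, True),   # egress: stop private traffic leaking upstream
    ("Serial0", "in"): build_acl(True, False),   # ingress: anti-spoofing of private sources
}

def acl_permits(acl, src, dst):
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action == "permit"
    return False  # implicit deny when nothing matches

def forward(in_if, out_if, src, dst):
    """Return 'forwarded' or the binding that dropped the packet."""
    for binding in ((in_if, "in"), (out_if, "out")):
        acl = BINDINGS.get(binding)
        if acl is not None and not acl_permits(acl, src, dst):
            return "dropped at %s %s" % binding
    return "forwarded"

# Constructed sample packets (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges).
SAMPLES = [
    ("Ethernet0", "Serial0", "10.1.2.3", "198.51.100.7"),      # private source leaking out
    ("Ethernet0", "Serial0", "203.0.113.10", "192.168.5.5"),   # private destination leaking out
    ("Ethernet0", "Serial0", "203.0.113.10", "198.51.100.7"),  # legitimate outbound
    ("Serial0", "Ethernet0", "10.9.9.9", "203.0.113.10"),      # private source arriving from outside
    ("Serial0", "Ethernet0", "198.51.100.7", "203.0.113.10"),  # legitimate inbound
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", forward(*pkt))
```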
