> I am seeking to use ACLs to block the outbound traffic on private
> addresses that many of our remote POPs are producing. Remote POPs
> consist of a Cisco router (2500/2600s) and various access servers. I
> understand it is better to filter this at the source of the problem and
> not the exterior gateways. At the remote POP, should I apply these
> ACLs (Blocking 10.0.0.0, etc. private networks) to the Ethernet
> interface, incoming, or the serial interfaces, outgoing? Serial
> interfaces would be the T-1 connections to the outside network and
> Ethernet interface is how the access servers are connected (via a
> switch) to the access servers.
>
> james

James,

You could easily filter this on the Ethernet ports of your Cisco routers at each POP. You might just allow the subnets that you have down at your remote POPs, and 'deny ip any any log' at the end of your ACL. You might accomplish this with an input policy applied to the Ethernet.

--truman
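
The input policy described in the reply above, shown next to the deny-list variant the question asks about, as an added example that is not part of the original thread. The ACL numbers, the interface name Ethernet0, and the prefixes 192.0.2.0/24 and 198.51.100.0/25 are assumptions standing in for the POP's real interface and assigned subnets.

```cisco
! Added example; all names and prefixes below are placeholders (assumptions).
!
! Variant A (what the question proposes): drop only private source addresses.
! Anything else, including spoofed public sources, still leaves the POP.
access-list 102 deny   ip 10.0.0.0 0.255.255.255 any log
access-list 102 deny   ip 172.16.0.0 0.15.255.255 any log
access-list 102 deny   ip 192.168.0.0 0.0.255.255 any log
access-list 102 permit ip any any
!
! Variant B (what the reply suggests): permit only the subnets that exist
! at this POP and log everything else. Private and spoofed sources are both
! caught by the final deny, so no per-range deny lines are needed.
! Any address pool the access servers hand to dial-in users must be listed
! here as well, or that traffic will be dropped and logged.
access-list 101 permit ip 192.0.2.0 0.0.0.255 any
access-list 101 permit ip 198.51.100.0 0.0.0.127 any
access-list 101 deny   ip any any log
!
! Apply ONE of the lists inbound on the LAN side, so packets are dropped
! before they are routed toward the serial (T-1) links.
interface Ethernet0
 description LAN to access servers (via switch)
 ip access-group 101 in
```

After applying the list, `show access-lists 101` displays per-line match counters, and the logged denies identify which hosts behind the switch are sourcing the unwanted traffic.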
