Re: [fw-wiz] Cisco acls

From: Steve Saeedi (saeedi_at_ebrary.com)
Date: 03/01/05

  • Next message: Mathew Want: "RE: [fw-wiz] Cisco acls"
    To: "Eric Appelboom" <eric@mweb.com>
    Date: Tue, 1 Mar 2005 12:01:01 -0800
    
    

    If you have a tftp server handy you can tftp the modified ACLs section
    of your router in a file with the first line reading, "no access-list
    177". It's a lot faster than paste. I haven't tried scp.

    The other alternative is, if you're dual-homed, shut down the externally
    facing interface, then apply the updated ACLs.

    To answer your question, yes, manually pasting will leave your router
    vulnerable for that short period of time.

    - Steve

    On Mar 1, 2005, at 7:53 AM, Eric Appelboom wrote:

    >
    > Hi,
    >
    > I would appreciate some comments with regard to the extensive use of
    > Cisco router ACLs to protect numerous networks.
    >
    > My concern is that when someone amends an access-list, one generally
    > enters "no access-list 177" and then pastes in the new access list.
    > Does this mean that for a period of time there is no protection on the
    > network that the ACL applies to?
    >
    > Best Regards
    > Eric

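The file described in the reply above (first line "no access-list 177", new entries right behind it), built and sanity-checked before it goes on the TFTP server. This is an added example, not code from the thread; the function name, the checks and the sample entries are assumptions made for illustration.

```python
import re

# Matches one numbered ACL line, e.g. "access-list 177 permit ip any any".
ENTRY_RE = re.compile(r"^access-list\s+(\d+)\s+(permit|deny|remark)\b")


def build_acl_reload(acl_number, entries):
    """Return the text of a config file that replaces one numbered ACL.

    The first line removes the old list and the new entries follow at once,
    so the router reads them back to back instead of at paste speed.
    """
    cleaned = [e.strip() for e in entries if e.strip()]
    filters = 0
    for line in cleaned:
        m = ENTRY_RE.match(line)
        if not m:
            raise ValueError(f"not a numbered ACL entry: {line!r}")
        if int(m.group(1)) != acl_number:
            raise ValueError(
                f"entry belongs to ACL {m.group(1)}, not {acl_number}: {line!r}")
        if m.group(2) != "remark":
            filters += 1
    if filters == 0:
        # Loading this file would delete the list and put no filter back.
        raise ValueError("refusing to build a file with no permit/deny entries")
    return "\n".join([f"no access-list {acl_number}", *cleaned, "end"]) + "\n"


# Constructed sample entries (documentation address range), not from the thread.
SAMPLE_ENTRIES = [
    "access-list 177 remark edge filter",
    "access-list 177 permit tcp any host 192.0.2.10 eq 443",
    "access-list 177 deny ip any any log",
]

if __name__ == "__main__":
    print(build_acl_reload(177, SAMPLE_ENTRIES), end="")
```

The output is the file to place on the TFTP server and merge into the running configuration; a stray line for another list or an empty list is rejected before it reaches the router.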

