Re: [fw-wiz] Cisco acls

• Previous message: Bruce Smith: "RE: [fw-wiz] Cisco acls"
• In reply to: Eric Appelboom: "[fw-wiz] Cisco acls"
• Next in thread: Luca Berra: "Re: [fw-wiz] Cisco acls"
• Reply: Luca Berra: "Re: [fw-wiz] Cisco acls"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Eric Appelboom" <eric@mweb.com>
Date: Tue, 1 Mar 2005 12:01:01 -0800

If you have a tftp server handy you can tftp the modified ACLs section
of your router in a file with the first line reading, "no access-list
177". It's a lot faster than paste. I haven't tried scp.

The other alternative is you're dual-homed, shutdown the externally
facing interface, then apply the updated acls.

To answer your question, yes, manually pasting will leave your router
vulnerable for that short period of time.

- Steve

On Mar 1, 2005, at 7:53 AM, Eric Appelboom wrote:

>
> Hi,
>
> I would appreciate some comments with regard to the extensive use of
> cisco routers acls
> To protect numerous networks.
>
> My concern is that when someone amends an access-list one generally
> enters, no access-list 177 and
> Then pastes in the new access list. Does this mean that for a period of
> time there is no protection on the
> Network that the acls applies?
>
> Best Regards
> Eric
> MWEB: S.A.'s trusted Internet Service Provider. Just Like that.
> To join, click here or call 08600 32000.
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
>

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: Bruce Smith: "RE: [fw-wiz] Cisco acls"
• In reply to: Eric Appelboom: "[fw-wiz] Cisco acls"
• Next in thread: Luca Berra: "Re: [fw-wiz] Cisco acls"
• Reply: Luca Berra: "Re: [fw-wiz] Cisco acls"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Controlling Outbound Ports ... it's really just an ACL on our internet router and we have ... to a Router as a Broadcast Firewall even when there is no ACLs. ... the lower port theory is at least a plausible one. ... (microsoft.public.windows.server.networking) RE: [fw-wiz] Cisco acls ... In my experience, I've only used ACLs on a router as a broad filter, ... contained the no access-group in, no access-list, etc. so you'd just ... (Firewall-Wizards) Re: Cisco Router security basics and ASA firewall rules ... an edge router or internal router which stands in front of an ASA firewall. ... ACLs on the router and have all ACLs happening at the firewall. ... (Security-Basics) Re: Web Filtering ... The central way to manage it is with a router that supports Access Control Lists (ACLs). ... Some routers provide content filtering as a $ub$sciption, but it doesn't work well, and still doesn't let you directly specify allowed sites. ... Then add the urls for allowed websites manually in your own DNS. ... (microsoft.public.win2000.networking) Re: Easy VPN - client doesnt get config from server ... I should also add that the router also includes ACLs for FTP testing ... Easy VPN - client doesn't get config from server ... (comp.dcom.sys.cisco)