RE: [fw-wiz] Cisco acls

From: Luke Butcher (Luke.Butcher_at_alphawest.com.au)
Date: 03/03/05

    To: "Eric Appelboom" <eric@mweb.com>
    Date: Fri, 4 Mar 2005 09:32:50 +1100
    
    

     
    In my experience, I've only used ACLs on a router as a broad filter,
    block 10.* 192.168.* type stuff. Usually at the border router or
    similar. Behind this is then some sort of firewall to do the real
    filtering.

    As for how to, in the bad old days I always had a text file that
    contained the no access-group in, no access-list, etc. so you'd just
    edit the text file then copy and paste.
    These days it's much easier to use named access-lists and cut and paste
    rules by line numbers on a Cisco. Also for the reasons you pointed out,
    there'd be no access-list on a router while there was no ACL.

    Hope that helps

    Luke Butcher
    Network/Security Consultant

    -----Original Message-----
    From: Eric Appelboom [mailto:eric@mweb.com]
    Sent: Wednesday, 2 March 2005 2:53 AM
    To: firewall-wizards@honor.icsalabs.com
    Subject: [fw-wiz] Cisco acls

    Hi,

    I would appreciate some comments with regard to the extensive use of
    Cisco router ACLs to protect numerous networks.

    My concern is that when someone amends an access-list one generally
    enters no access-list 177 and then pastes in the new access list. Does
    this mean that for a period of time there is no protection on the
    network that the ACL applies to?

    Best Regards
    Eric
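
The in-place edit of a named access list by sequence number that the reply describes, as an added example that is not part of either message. The list name BORDER-IN, its addresses and its sequence numbers are constructed, and the example assumes an IOS release that supports ACL entry sequence numbering.

```cisco
! Constructed example: BORDER-IN and every entry below are illustrative.
! Step 1: display the list with its sequence numbers before editing.
show ip access-lists BORDER-IN
! Constructed sample output:
!   Extended IP access list BORDER-IN
!       10 deny ip 10.0.0.0 0.255.255.255 any
!       20 deny ip 192.168.0.0 0.0.255.255 any
!       30 deny ip host 203.0.113.5 any
!       40 permit ip any any
!
! Step 2: edit individual entries; the list itself is never removed.
configure terminal
 ip access-list extended BORDER-IN
  ! Insert a new entry between 10 and 20.
  15 deny ip 172.16.0.0 0.15.255.255 any
  ! Remove one obsolete entry by its sequence number.
  no 30
 exit
 ! Step 3: renumber to 10, 20, 30, ... to leave room for later inserts.
 ip access-list resequence BORDER-IN 10 10
end
!
! Step 4: confirm the result.
show ip access-lists BORDER-IN
! Expected entries after the edit:
!       10 deny ip 10.0.0.0 0.255.255.255 any
!       20 deny ip 172.16.0.0 0.15.255.255 any
!       30 deny ip 192.168.0.0 0.0.255.255 any
!       40 permit ip any any
```

Because the list is never deleted with no access-list, the access-group on the interface refers to an existing list for the whole edit, and only the entries being changed are touched.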


