RE: [fw-wiz] Cisco acls

From: Andrew Yourtchenko (ayourtch_at_cisco.com)
Date: 03/08/05

    To: Luke Butcher <Luke.Butcher@alphawest.com.au>
    Date: Tue, 8 Mar 2005 16:00:09 +0100 (CET)
    
    

    Hello Luke,

    I believe your ramblings are quite coherent, since the IOS also has a
    similar concept, but a bit different from the PIX:

    http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fsaclseq.htm

    thanks,
    andrew

    On Mon, 7 Mar 2005, Luke Butcher wrote:

    > Excuse my incoherent ramblings, you can't do access-list editing by line
    > number on a router, I was thinking of the pix OS.
    >
    > I return you to your usual programming now.
    >
    > Luke Butcher
    > Network/Security Consultant
    >
    > -----Original Message-----
    > From: Luke Butcher
    > Sent: Friday, 4 March 2005 9:33 AM
    > To: Eric Appelboom
    > Cc: firewall-wizards@honor.icsalabs.com
    > Subject: RE: [fw-wiz] Cisco acls
    >
    >
    > In my experience, I've only used ACLs on a router as a broad filter,
    > block 10.* 192.168.* type stuff. Usually at the border router or
    > similar. Behind this is then some sort of firewall to do the real
    > filtering.
    >
    > As for how to, in the bad old days I always had a text file that
    > contained the no access-group in, no access-list, etc. so you'd just
    > edit the text file then copy and paste.
    > These days it's much easier to use named access-lists and cut and paste
    > rules by line numbers on a Cisco. Also for the reasons you pointed out,
    > there'd be no access-list on a router while there was no ACL.
    > _______________________________________________
    > firewall-wizards mailing list
    > firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    >
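
Added example, not part of the original messages: an IOS configuration sketch of the ACL entry sequence numbering feature that the linked document describes, applied to the kind of broad border filter mentioned in the thread. The list name BORDER-IN, the interface name and the 172.16.0.0/12 entry are assumptions made for illustration.

```ios
! Constructed example: BORDER-IN and GigabitEthernet0/0 are assumed names.
! Named extended ACL with explicit sequence numbers.
ip access-list extended BORDER-IN
 10 deny ip 10.0.0.0 0.255.255.255 any
 20 deny ip 192.168.0.0 0.0.255.255 any
 30 permit ip any any
!
interface GigabitEthernet0/0
 ip access-group BORDER-IN in
!
! Insert a new entry between 20 and 30. The list stays applied to the
! interface the whole time, so there is no window with the ACL removed.
ip access-list extended BORDER-IN
 25 deny ip 172.16.0.0 0.15.255.255 any
!
! Remove a single entry by its sequence number.
ip access-list extended BORDER-IN
 no 25
!
! Renumber the entries from 10 in steps of 10 to leave room for later inserts.
ip access-list resequence BORDER-IN 10 10
```

Editing by sequence number changes the list in place, which avoids the older routine of pasting `no access-group` and `no access-list` followed by the full list again.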

