[c-nsp] CBAC and assymetricity
David Prall
dcp at dcptech.com
Thu Feb 9 11:27:50 EST 2006
CBAC on a single router in the past could support asymmetric traffic by
using the same ACL and inspection rules on the links. I believe this to
still be the case. You could move the inspection to the inside interface on
input.
http://www.cisco.com/warp/public/110/36.html#red
--
David C Prall dcp at dcptech.com http://dcp.dcptech.com
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Joe Maimon
> Sent: Wednesday, February 08, 2006 11:33 PM
> To: cisco-nsp
> Subject: [c-nsp] CBAC and assymetricity
>
> Cust CPE---Link A--<-- ISP A R1----Colo
> | |
> | ^
> | |
> +----Link B---> ISP A R2
>
>
> (moz users may want to ctrl-u for the diagram)
>
> Packet from cpe comes into ISP A r2 on Link B destined for colo
>
> Colo packet goes to ISP A R1 to CPE link A
>
> Colo sees initial packets from Cust CPE, but TCP connections
> do not proceed.
>
> They work fine if ISP A R2 removes
>
> "ip inspect rulebase-name in"
>
> from the Link B
>
> I read that CBAC "doesn't support asymmetry"
>
> Does this mean that this is doomed?
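
Added example, not part of the original thread and not Cisco IOS code: a simplified Python model of per-device stateful TCP inspection. It reproduces the symptom in the question (the colo sees the first packets, then the connection stalls) and the single-router case from the reply. The `Inspector` state machine, the packet tuples and the assumption that R1 applies no inspection are constructed for illustration.

```python
# Simplified model of stateful TCP inspection; not Cisco's implementation.
# Constructed sample traffic: (sender, TCP segment type) for one connection.
HANDSHAKE = [("cpe", "SYN"), ("colo", "SYN-ACK"), ("cpe", "ACK"), ("cpe", "DATA")]

# Transitions the inspector accepts: (state, sender, segment) -> next state.
TRANSITIONS = {
    ("CLOSED", "cpe", "SYN"): "SYN_SEEN",
    ("SYN_SEEN", "colo", "SYN-ACK"): "SYNACK_SEEN",
    ("SYNACK_SEEN", "cpe", "ACK"): "ESTABLISHED",
}


class Inspector:
    """One router's session table entry for a single TCP connection."""

    def __init__(self):
        self.state = "CLOSED"

    def permit(self, sender, segment):
        """Forward the segment only if it fits the state this device has seen."""
        if self.state == "ESTABLISHED":
            return True
        nxt = TRANSITIONS.get((self.state, sender, segment))
        if nxt is None:
            return False  # out-of-state segment: dropped
        self.state = nxt
        return True


def deliver(packets, path_for):
    """Return the packets that every inspecting device on their path permits."""
    return [(s, seg) for s, seg in packets
            if all(dev.permit(s, seg) for dev in path_for[s])]


def split_path():
    """Question's topology: CPE->colo crosses R2 (inspecting), the return
    path crosses R1 (assumed here to apply no inspection)."""
    r2 = Inspector()
    return deliver(HANDSHAKE, {"cpe": [r2], "colo": []})


def single_router():
    """Reply's case: one router, same inspection state used for both links."""
    r = Inspector()
    return deliver(HANDSHAKE, {"cpe": [r], "colo": [r]})
```

In `split_path()` R2 never observes the SYN-ACK, so the CPE's ACK arrives out of state and is dropped; in `single_router()` the shared state sees both directions and the session establishes.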