[c-nsp] dual cbac

Kevin Graham kgraham at industrial-marshmallow.com
Wed Oct 10 18:48:50 EDT 2007

> The idea is to have one router and internet connection for two companys 
> and to have full controll about the communication between the two 
> companys (acl to-company1 and to-company2). 

There's no graceful way to do this w/ legacy CBAC. Instead, consider the
Zone-Based Policy Firewall. I think ZPF will handle what you want very
nicely -- design guide is at:


More information about the cisco-nsp mailing list