[c-nsp] Two access-list questions..for Internet router

Church, Charles cchurc05 at harris.com
Tue Jan 22 12:11:55 EST 2008


Jacob,

	I think you need to talk to the ISP to see why they are NATing
you being such an odd address space.  That range isn't routable
(reserved by IANA still).  If the router they gave you is NATing, you
need to find the real address space you're NATing to if you want to
write an ACL correctly for it.  If they're not NATing you, don't bother
with an ACL, because no one will be able to get to you anyway...   :) 

Chuck

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of jacob c
Sent: Tuesday, January 22, 2008 11:46 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Two access-list questions..for Internet router


My ISP gave me a 1.1.1.64/27 range. 1.1.1.65 will be the inside ethernet
interface of the router.
   
  1) Does anyone see any issue with ONLY allowing 1.1.1.65 /27 range
into my network since that is my only Public IP Range?
   
  2) Is it best practice (performance-wise) to put my hardened
access-list which includes the statement above on the s0/2 interface for
the gigabit ethernet interface?
   
  Thank you,
   

       