
Angralitux

join:2004-05-20
DO
reply to tomkb

Re: Router ACL question

I believe so, but a firewall that looks at other kinds of traffic/does deep inspection should be more useful. If you want more examples, look here:

»etutorials.org/Networking/Router···xamples/
--
All Is possible...


tomkb
Premium
join:2000-11-15
Tampa, FL
kudos:5
Thanks for your help.

I added the following:

ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600

and then removed the 'permit any any' from the acl.

Web browsing works, but the SIP phone on my desk does not.

I entered the following but still no luck.

ip inspect name myfw sip timeout 3600
ip inspect name myfw sip-tls timeout 3600

Appreciate any help.


tomkb
Premium
join:2000-11-15
Tampa, FL
kudos:5
Disregard, I got the SIP phone to work.


Angralitux

join:2004-05-20
DO

1 edit
reply to tomkb
Glad to see you got it working! As you may know, it is good practice to explicitly deny everything after all your "permits" on the inbound access list. What I meant, in plain English, is to put:

access-list 101 deny ip any any
 

Exactly in the place where you had:
access-list 101 permit ip any any
 

**edit was to further clarify**
--
All Is possible...
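
Added example, not part of the thread: a small Python check that reads IOS-style config text, lists the protocols each `ip inspect name` rule covers, and flags an inbound ACL that still contains `permit ip any any`, has entries shadowed by a catch-all, or does not end in an explicit `deny ip any any`. The function names and the sample config are assumptions; only ACL 101 and the `myfw` rule name come from the posts above.

```python
import re
# Constructed sample, not the poster's config: ACL 101 and the "myfw" inspect
# rule come from the thread; the two specific permit entries are assumed.
SAMPLE = """\
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw sip timeout 3600
access-list 101 permit icmp any any echo-reply
access-list 101 permit ip any any
access-list 101 permit udp any eq 123 any
"""

ACL_RE = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+(.+)$")
INSPECT_RE = re.compile(r"^ip inspect name\s+(\S+)\s+(\S+)")

def parse(config):
    """Return ({acl_number: [(action, tokens)]}, {inspect_rule: [protocols]})."""
    acls, inspect = {}, {}
    for raw in config.splitlines():
        line = raw.strip()
        if m := ACL_RE.match(line):
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3).split()))
        elif m := INSPECT_RE.match(line):
            inspect.setdefault(m.group(1), []).append(m.group(2))
    return acls, inspect

def audit_acl(entries):
    """Flag catch-all permits, entries shadowed by a catch-all, and a missing final deny."""
    findings, catch_all_at = [], None
    for pos, (action, tokens) in enumerate(entries, start=1):
        if catch_all_at is not None:
            findings.append(f"entry {pos} is never reached (catch-all at entry {catch_all_at})")
        elif tokens[:3] == ["ip", "any", "any"]:
            catch_all_at = pos
            if action == "permit":
                findings.append(f"entry {pos}: 'permit ip any any' admits all traffic")
    last_action, last_tokens = entries[-1]
    if not (last_action == "deny" and last_tokens[:3] == ["ip", "any", "any"]):
        findings.append("last entry is not an explicit 'deny ip any any'")
    return findings

def audit(config):
    acls, inspect = parse(config)
    return {num: audit_acl(entries) for num, entries in acls.items()}, inspect

if __name__ == "__main__":
    results, inspect = audit(SAMPLE)
    print("inspected protocols:", inspect)
    print(results)
```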