Context-based access control (CBAC) was introduced in Cisco IOS
Software Release 12.0.5.T and requires the Cisco IOS Firewall feature
set. CBAC inspects traffic that travels through the firewall in order
to discover and manage state information for TCP and UDP sessions.
This state information is used to create temporary openings in the
access lists of the firewall. To do this, configure ip inspect lists
in the direction of the flow of traffic initiation in order to permit
return traffic and additional data connections for permissible
sessions, that is, sessions that originated from within the protected
internal network.
This is the syntax for CBAC.
ip inspect name inspection-name protocol [timeout seconds]
This is an example of the use of CBAC in order to inspect outbound
traffic. Without CBAC opening holes for the return traffic, extended
ACL 111 would normally block return traffic other than ICMP.
ip inspect name myfw ftp timeout 3600
ip inspect name myfw http timeout 3600
ip inspect name myfw tcp timeout 3600
ip inspect name myfw udp timeout 3600
ip inspect name myfw tftp timeout 3600
interface Ethernet0/1
 ip address 172.16.1.2 255.255.255.0
 ip access-group 111 in
 ip inspect myfw out
access-list 111 deny icmp any 10.1.1.0 0.0.0.255 echo
access-list 111 permit icmp any 10.1.1.0 0.0.0.255
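
The interaction between rule myfw and ACL 111 above, as a simplified Python model added here for illustration (not Cisco code and not part of the original page). The class and function names and the sample addresses are assumptions; real CBAC also tracks TCP state and protocol-specific data channels, which this model omits.

```python
import ipaddress
from dataclasses import dataclass

INSIDE = ipaddress.ip_network("10.1.1.0/24")  # destination network in ACL 111
INSPECTED = {"tcp", "udp"}                    # generic inspection in rule myfw
TIMEOUT = 3600                                # idle timeout set on each myfw entry

@dataclass(frozen=True)
class Packet:
    proto: str           # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    icmp_type: str = ""  # e.g. "echo", "echo-reply"

class Cbac:
    """Toy model of Ethernet0/1: ACL 111 inbound, rule myfw applied outbound."""
    def __init__(self):
        self.sessions = {}  # return-flow key -> expiry time (temporary openings)

    def outbound(self, p, now):
        # Inspection records state for sessions initiated from the inside.
        if p.proto in INSPECTED:
            self.sessions[(p.proto, p.dst, p.dport, p.src, p.sport)] = now + TIMEOUT
        return True  # no outbound ACL in the example configuration

    def inbound(self, p, now):
        # A live session entry acts as a temporary opening ahead of ACL 111.
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        expiry = self.sessions.get(key)
        if expiry is not None:
            if now < expiry:
                self.sessions[key] = now + TIMEOUT  # traffic restarts the idle timer
                return True
            del self.sessions[key]                  # idle too long: opening removed
        return self.acl_111(p)

    @staticmethod
    def acl_111(p):
        if p.proto == "icmp" and ipaddress.ip_address(p.dst) in INSIDE:
            return p.icmp_type != "echo"  # deny echo, permit other ICMP
        return False                      # implicit deny ends every ACL

def demo():
    """Constructed sample: 198.51.100.7 is a documentation address."""
    fw = Cbac()
    out = Packet("tcp", "10.1.1.5", "198.51.100.7", 40000, 80)
    back = Packet("tcp", "198.51.100.7", "10.1.1.5", 80, 40000)
    before = fw.inbound(back, 0)  # unsolicited: falls through to ACL 111
    fw.outbound(out, 0)           # inside host opens the session
    return before, fw.inbound(back, 5), fw.inbound(back, 5 + TIMEOUT)
```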