According to my mailer, Darren Reed wrote:
>>Is anyone actually using filters for both input and output on an interface,
>>if so, what IOS rev., and is there any substance to this (i.e. buggy revs of
>>the IOS) or does it just require things to be done "right"?
I have used ACLs for both input and output successfully in several installations. We tested the IP lists and other protocols (DECnet and IPX) using Sniffers on both the LAN and WAN sides to verify what packets were allowed/denied. All installations were either IOS 10.0(10) or 10.0(11) so this may not apply.
The problem 'implied' by the Cisco engineer is of a type not uncommon to Cisco, but is usually IOS/Hardware specific. These are eventually addressed by later releases of IOS or firmware.
I'm sure Paul could elaborate.
VP Network Services
Spectrum Technologies, Bermuda
Internetworking and Security Consultants
(441) 296-2578 Tel ngentry @
(441) 296-2581 Fax spectrum @
"Firewalls are the network's response to bad host security" - Steven Bellovin - AT&T