CBAC Not Working
In the CCIE Security ATC class on CBAC, Brian tries to use the command below, but doesn't get it working. He said it's supposed to save you needing to do a deny any any on an inbound ACL on the outside interface. However, he did not manage to get it working. I also tested it, and I couldn't get it working that way either.
This is the command that never worked: #ip inspect tcp block-non-session
ip address 10.0.45.4 255.255.255.0
ip route 0.0.0.0 0.0.0.0 10.0.45.5
ip address 10.0.56.6 255.255.255.0
ip route 0.0.0.0 0.0.0.0 10.0.56.5
would expect that telnet from R4 to R6 works. Fine. However, you would
expect R6 telnet to R4 should fail because of the command "ip inspect
tcp block-non-session". As you can see, the state table is clean:
Trying 10.0.45.4 ... Open
User Access Verification
Why can R6 telnet to R4?