Transit ACLs

Transit ACLs are similar to infrastructure protection ACLs in two ways: transit ACLs give you a conceptual view, and they do not require specific configuration. Transit ACLs represent one of the many means to increase network security by explicitly permitting required traffic into the network. For most network environments, filtering should be applied to control incoming traffic into the network and to block any unauthorized attempt at the edge of the network. Service provider networks, for example, generally control traffic entering or leaving customer networks by using edge or transit filtering. This prevents unwanted traffic from passing from one customer to another, because unwanted traffic is dropped at the service provider edge.

A transit ACL is developed using the following guidelines:

- Using antispoofing protection based on best practices from the following three RFCs:
  - RFC 1918: Private address space not routable on the Internet
  - RFC 3330: Special use addresses that might require filtering
  - RFC 2827: Antispoofing guidelines
- Explicitly permitting return traffic for all connections initiated from the internal network to the Internet
- Explicitly permitting externally sourced traffic that is initiated from the external network destined to the protected internal network
- Explicitly using a deny statement toward the end of the ACL

Visit the Cisco documentation URL shown in the Tip that follows for an example of a transit ACL.

Tip

For more details on transit ACLs and basic configuration templates, refer to

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801afc76.shtml