IP Ipspect command placement

I'm getting a bit confused as to where to place the ip inspect commands, like on what interfaces and in what direction.

Would you ever place the command outbound on the untrusted interface??

Cisco book says to apply it inbound on untrusted interfaces so only safe traffic enters the network and outbound on all other interfaces to stop traffic going over the network

Is that accurate?

any links to some further reading would be great

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

lildeezul

Well according to the Cbt videos, the inspect command was on the inside interface of the edge router, and the direction was in.. Therefore when traffic was comming in on that interface, the inspect command would inspect only specific traffic, and then modify the ACL on the outside interface (in direction) to allow those inspected traffic back through.

This is how i mocked it up, but cisco implementation is probably different, with different scenarios, such as securing publicly accessed servers.

Any other thoughts anyone ?

kpjungle

As far as I understand it, you can apply it inbound on the trusted interface. This will make the router "look" at your packets, and then create appropriate ACL's for the outbound interface, comming in.

I also think you can also use it outgoing on the untrusted interface. The reason why I think most people choose the inside interface, is to determine if it is allowed or not as close to the source as possible.

rakem

there would be not point putting it on inbound on the outside interface though would there?

kpjungle

rakem wrote: »

there would be not point putting it on inbound on the outside interface though would there?

From the top of my head, I cant see that would accomplish anything.