Advertising OSPF and security

Posted on 2009-04-27
Last Modified: 2012-05-06
I was looking through a network I inherited and saw the below:
Is the deny-ospf-out acl doing anything? I don't see it being applied to any interface or referenced anywhere else.

Is it safe to assume that we are advertising OSPF out to everyone?
access-list deny-ospf-out standard permit 172.16.0.0 255.255.0.0
access-list deny-ospf-out standard permit 10.80.8.0 255.255.255.0
access-list deny-ospf-out standard permit 192.168.100.0 255.255.255.0
access-list permit-ospf-out standard permit any
access-list private-inbound extended deny ip any 10.10.10.0 255.255.255.0
access-list private-inbound extended permit ip 172.16.0.0 255.255.0.0 any
 
 
 
 
access-group private-inbound in interface inside
access-group outside-to-inside in interface outside

Question by:dissolved

Accepted Solution

by:
Don Johnston earned 2000 total points
ID: 24243900
The name of the ACL is just that... a name. It has no bearing on what it actually does. That said, most people that use named ACLs will use the name to reflect what it does. In your case, however, that does not appear to be the case. Your deny-ospf-out ACL is simply denying (or ignoring) traffic from 172.16.0.0/16, 10.80.8.0/24 and 192.168.100.0/24 addresses.

If it's not applied to any interface, a routing protocol distribute list or a route map, then it's not doing anything.

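The check described in the accepted answer (is the ACL referenced anywhere outside its own definition?) can be run over a saved configuration. The script below is an added example, not something posted in this thread; the function name `audit_acls` is hypothetical, and it assumes the `access-list <name> ...` syntax shown in the question.

```python
import re

# The access-list and access-group lines posted in the question.
SAMPLE_CONFIG = """\
access-list deny-ospf-out standard permit 172.16.0.0 255.255.0.0
access-list deny-ospf-out standard permit 10.80.8.0 255.255.255.0
access-list deny-ospf-out standard permit 192.168.100.0 255.255.255.0
access-list permit-ospf-out standard permit any
access-list private-inbound extended deny ip any 10.10.10.0 255.255.255.0
access-list private-inbound extended permit ip 172.16.0.0 255.255.0.0 any
access-group private-inbound in interface inside
access-group outside-to-inside in interface outside
"""

def audit_acls(config):
    """Map each defined ACL name to the non-definition lines that mention it.

    Returns (refs, undefined): refs[name] == [] means the ACL is defined but
    never referenced; undefined lists access-group targets with no definition
    in the scanned text.
    """
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    refs = {}
    for ln in lines:
        m = re.match(r"access-list\s+(\S+)\s", ln)
        if m:
            refs.setdefault(m.group(1), [])
    undefined = []
    for ln in lines:
        if ln.startswith("access-list "):
            continue
        tokens = ln.split()
        # Whole-token match, so "inside" does not match "outside-to-inside".
        for name in refs:
            if name in tokens[1:]:
                refs[name].append(ln)
        if tokens[0] == "access-group" and len(tokens) > 1 and tokens[1] not in refs:
            undefined.append(tokens[1])
    return refs, undefined

if __name__ == "__main__":
    refs, undefined = audit_acls(SAMPLE_CONFIG)
    for name, used_by in refs.items():
        print(f"{name}: {used_by if used_by else 'NOT REFERENCED'}")
    for name in undefined:
        print(f"{name}: applied by access-group but not defined in this text")
```

An empty result only means the name does not appear elsewhere in the text that was scanned, so run it against the full running configuration rather than an excerpt.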

Author Comment

by:dissolved
ID: 24244085
Thanks. Does this mean we are advertising OSPF out to the internet? :0

Expert Comment

by:Don Johnston
ID: 24244690
Depending on your configuration, it's possible. There's certainly nothing about the ACL that would explicitly deny it.