7. When the connection is closed, the state table entry is deleted
along with the temporary access list.
Configuring Context-based Access Control
Before configuring CBAC, we must specify which protocols we want to be
inspected. We must also specify an interface and direction where the
inspection originates. Context-based Access Control will inspect only the
protocols we specify here. For the specified protocols, packets entering or
exiting the router are inspected. They must flow through the interface
where inspection is configured. The packets must pass the inbound access
list applied on the interface to be inspected by CBAC. If a packet is denied
by the access list, the packet is dropped and CBAC will have no effect.
Figure 2.10 diagrams a CBAC configuration.
Traffic Filtering on the Cisco IOS • Chapter 2
Figure 2.10 Configuring Context-based Access Control.
[Figure labels: Internet, SMTP, DNS, S0, Ethernet, E0]
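The configuration steps described above, as an added example that is not taken from the book: a minimal IOS configuration in which inspection originates inbound on Ethernet0. The rule name FWOUT, the ACL numbers 101 and 102, and the 10.1.1.0/24 inside network are assumptions; DNS lookups are covered here by generic UDP inspection.

```cisco
! Added example; rule name, ACL numbers and addresses are assumptions.
!
! 1. Name the inspection rule and list the protocols CBAC should inspect.
!    Only the protocols listed here are inspected.
ip inspect name FWOUT smtp
ip inspect name FWOUT tcp
ip inspect name FWOUT udp
!
! 2. Inbound ACL for the inside interface. A packet must be permitted
!    here before CBAC sees it; a denied packet is dropped uninspected.
access-list 101 permit ip 10.1.1.0 0.0.0.255 any
access-list 101 deny   ip any any
!
! 3. Inbound ACL for the outside interface. It blocks unsolicited
!    traffic; CBAC adds temporary entries for the return traffic of
!    inspected sessions and removes them when the connection closes.
access-list 102 deny ip any any
!
! 4. Apply the ACL and the inspection rule on the interface and in the
!    direction where the inspected sessions originate.
interface Ethernet0
 ip address 10.1.1.1 255.255.255.0
 ip access-group 101 in
 ip inspect FWOUT in
!
interface Serial0
 ip access-group 102 in
```

While a connection is open, `show ip inspect sessions` lists its state table entry.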