What is required for me to undertake reflexive access list and context based access control?
Reflexive access lists can be configured on most IOS feature sets. CBAC requires the firewall feature set. 3. Zone-Based Firewall The new Zone-Based Firewall is replacing the previous Stateful IOS-Based Firewall (the CBAC). Zone-Based Firewall is pretty much similar to PIX/ASA OS 7.0 firewall configuration. Check out the following links for details. Cisco IOS Zone-Based Policy Firewall Zone-Based Policy Firewall Design and Application Guide Zone-Based Policy Firewall Design Guide Cisco IOS Firewall Q&A Zone-Based Policy Firewall – Introduction and Implementation 4. IDS/IPS (Intrusion Prevention System) There are prerequisites to properly run Cisco IOS IPS on routers * Your router IOS version should be at least 12.3(8)T * Your router IOS feature should be either Advanced Enterprise, Advanced IP Security, or IP Security with IPS * Your router DRAM is at least 128MB * There is Signature Detection File (*.sdf) stored in your router, either in flash memory, PCMCIA inside one of the router’s