From: zheng jiang gu (zjgu@xxxxxxxxxx)
Date: Mon Apr 10 2000 - 09:51:45 GMT-3
Hi Gary,
Thanks.
But as you say, Cisco traceroute uses high end UDP ports.
Does that mean that I should add an access-list to the intermediate and final destination:
access-list 101 permit udp any any
----- Original Message -----
From: Gary Blankenship <blankenshipgc@nocfwd.usmc.mil>
To: Chad Marsh <chad@wa.net>; zheng jiang gu <zjgu@ce-air.com>
Cc: ccielab <ccielab@groupstudy.com>
Sent: Monday, April 10, 2000 5:25 AM
Subject: Re: trace question?
> Actually, here is the correct ACL (with comments):
>
> ! Permits messages from intermediate nodes in the path
> access-list 101 permit icmp any any ttl-exceeded
> ! Microsoft tracert uses echo. Permit response from final destination.
> access-list 101 permit icmp any any echo-reply
> ! Cisco traceroute uses high end UDP ports (default 33434). Permits
> ! response from final destination.
> access-list 101 permit icmp any any port-unreachable
>
> Gary
> ----- Original Message -----
> From: "Chad Marsh" <chad@wa.net>
> To: "zheng jiang gu" <zjgu@ce-air.com>
> Cc: "ccielab" <ccielab@groupstudy.com>
> Sent: Monday, April 10, 2000 2:29 AM
> Subject: Re: trace question?
>
>
> > access-list 101 permit icmp any any ttl-exceeded
> >
> >
> > Chad Marsh
> >
> >
> > > zheng jiang gu wrote:
> > >
> > > Can anyone tell me how to make an access-list to permit only trace
> > > messages?
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:23:13 GMT-3
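
Added example (not part of the original thread, and not written by any of its participants): a small Python model of first-match access-list evaluation, run over constructed packets, showing which traceroute packets the three entries of access-list 101 match. It models only protocol and ICMP message type because every entry uses "any any", and it assumes the implicit deny that ends every IOS access list; the names Packet, evaluate and report are made up for this sketch.

```python
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    proto: str                # "icmp" or "udp"
    icmp_type: Optional[str]  # IOS keyword for the ICMP message; None for UDP
    dport: Optional[int]      # UDP destination port; None for ICMP
    note: str

# The three entries of access-list 101 from the thread, in order.
# Source and destination are "any any", so addresses are not modeled.
ACL_101 = [
    ("icmp", "ttl-exceeded"),
    ("icmp", "echo-reply"),
    ("icmp", "port-unreachable"),
]

def evaluate(acl, pkt):
    """First match wins; a packet matching no entry hits the implicit deny."""
    for index, (proto, icmp_type) in enumerate(acl):
        if pkt.proto == proto and pkt.icmp_type == icmp_type:
            return "permit", index
    return "deny", None

# Constructed sample packets (not captured traffic).
CISCO_TRACE = [
    Packet("udp", None, 33434, "probe from Cisco traceroute"),
    Packet("icmp", "ttl-exceeded", None, "reply from intermediate node"),
    Packet("icmp", "port-unreachable", None, "reply from final destination"),
]
MS_TRACERT = [
    Packet("icmp", "echo", None, "probe from Microsoft tracert"),
    Packet("icmp", "ttl-exceeded", None, "reply from intermediate node"),
    Packet("icmp", "echo-reply", None, "reply from final destination"),
]
OTHER = [
    Packet("udp", None, 53, "unrelated UDP"),
    Packet("icmp", "redirect", None, "unrelated ICMP"),
]

def report(packets):
    """Return (note, action) for each packet evaluated against ACL_101."""
    return [(p.note, evaluate(ACL_101, p)[0]) for p in packets]

if __name__ == "__main__":
    for name, flow in (("Cisco traceroute", CISCO_TRACE),
                       ("Microsoft tracert", MS_TRACERT), ("other", OTHER)):
        for note, action in report(flow):
            print(f"{name:18} {note:30} {action}")
```

In this model the three reply types are permitted and everything else, including the probes themselves (UDP to port 33434, ICMP echo), falls through to the implicit deny, so the list matches the direction in which replies come back.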