Re: Permitting traceroute through a acl

From: zheng jiang gu (zjgu@xxxxxxxxxx)
Date: Sun Dec 31 2000 - 03:43:02 GMT-3


   
No, it starts at 33434! Correct me if wrong!
zjgu
00-12-31 6:39:56, "Robert DeVito" <robertdevito@hotmail.com> wrote:

>Yes, that will work, but I noticed that you have to do a "gt 33432" because
>if you use the 33343 it will permit ports that are greater than 33343,
>meaning 33344, and traceroute for a router will start at 33343.
>
>Thoughts?
>Robert
>
>
>----Original Message Follows----
>From: "zheng jiang gu" <zjgu@ce-air.com>
>Reply-To: zjgu@ce-air.com
>To: Robert DeVito <robertdevito@hotmail.com> , ccielab@groupstudy.com
>Subject: Re: Permitting traceroute through a acl
>Date: Sun, 31 Dec 2000 12:24:30 +0800
>
>I think you should use "
>Extended IP access list 100
> permit udp host 137.2.12.1 host 137.2.23.3 gt 33433"
>zjgu
>
>00-12-30 21:09:10, "Robert DeVito" <robertdevito@hotmail.com> wrote:
>
> >  e0            e0  s0          s0
> >R3----------------R2------/-------r1
> >
> >R3 e0=192.168.2.2/24
> >r1 s0= 192.168.1.5/30
> >
> >I have an inbound access-list on R2 ethernet port. I want R3 to be able to
> >traceroute to r1. I understand that a Cisco router will start with UDP port
> >33434 when it does a traceroute. This is how I was able to do it:
> >
> >acc 101 permit udp host 192.168.2.2 gt 33433 host 192.168.1.5 gt 33343
> >
> >It seems to work just fine, I just want to make sure this is what you guys
> >(and gals) would do if you came across this in the lab.
> >
> >Happy New Years!
> >Robert DeVito
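
An added example, not part of the original thread: a small Python check of how the `gt` thresholds discussed above treat traceroute probes, and how many other UDP ports each entry also lets through. It takes 33434 as the first destination port, as stated in the thread; the 90-probe range (30 hops, 3 probes each) and the source ports are assumptions made for illustration.

```python
import re

# One ACE shape only, as used in the thread:
#   permit udp host SRC [gt|lt|eq PORT] host DST [gt|lt|eq PORT]
ACE_RE = re.compile(
    r"permit udp host (?P<src>\S+)(?: (?P<sop>gt|lt|eq) (?P<sport>\d+))?"
    r" host (?P<dst>\S+)(?: (?P<dop>gt|lt|eq) (?P<dport>\d+))?$")

def parse_ace(line):
    m = ACE_RE.search(line.strip())
    if not m:
        raise ValueError(f"unsupported ACE: {line!r}")
    ace = m.groupdict()
    for key in ("sport", "dport"):
        ace[key] = int(ace[key]) if ace[key] else None
    return ace

def port_ok(op, bound, port):
    # gt and lt are strict: "gt 33433" starts matching at 33434.
    if op is None:
        return True
    return {"gt": port > bound, "lt": port < bound, "eq": port == bound}[op]

def permits(ace, src, sport, dst, dport):
    return (src == ace["src"] and dst == ace["dst"]
            and port_ok(ace["sop"], ace["sport"], sport)
            and port_ok(ace["dop"], ace["dport"], dport))

def audit(line, src, dst, sport, first=33434, probes=90):
    """Do all probe ports pass, and what else does the entry let through?"""
    ace = parse_ace(line)
    wanted = set(range(first, first + probes))  # assumed probe port range
    allowed = {p for p in range(1, 65536) if permits(ace, src, sport, dst, p)}
    return {"probes_pass": wanted <= allowed,
            "lowest_open": min(allowed, default=None),
            "extra_ports": len(allowed - wanted)}

# Constructed inputs: addresses and thresholds come from the thread,
# the source ports (1024, 49152) are invented for the example.
SRC, DST = "192.168.2.2", "192.168.1.5"
POSTED = f"acc 101 permit udp host {SRC} gt 33433 host {DST} gt 33343"

if __name__ == "__main__":
    for t in (33343, 33432, 33433):
        line = f"permit udp host {SRC} host {DST} gt {t}"
        print(t, audit(line, SRC, DST, 49152))
    for sport in (1024, 49152):
        print("posted ACE, source port", sport, audit(POSTED, SRC, DST, sport))
```

The second loop shows that the posted entry also filters on the source port, so whether it passes the probes depends on which source port the sender picks.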


