From: yu chunyan (yuchunyan@hotmail.com)
Date: Fri Aug 22 2003 - 13:15:46 GMT-3
reflective access-list only apply for TCP connection.
Bin.
>From: "ccie2be" <ccie2be@nyc.rr.com>
>Reply-To: "ccie2be" <ccie2be@nyc.rr.com>
>To: "Group Study" <ccielab@groupstudy.com>
>Subject: Ping and reflexive access lists
>Date: Fri, 22 Aug 2003 11:38:47 -0400
>
>Hi all,
>
>The following is from the solution config of IPExpert e-scenario lab 343.
>
>int s0
><text omitted>
>ip access-group inbound in
>ip access-group outbound out
>
>
>ip access-list extended inbound
>evaluate icmptraffic
>
>ip access-list extended outbound
>permit icmp any any reflect icmptraffic
>
>The requirement is to allow inside users to ping to the outside. When I
>tried
>this, it didn't work which actually makes sense to me since the reply to a
>ping is an echo-reply which isn't a "mirror image" of a ping.
>
>Is this solution wrong or did I miss something?
>
>Thanks, dt
>
>
>_______________________________________________________________________
>You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
>
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Tue Sep 02 2003 - 18:54:04 GMT-3