DNS vs. ICMP

From: emad (emad@zakq8.com)
Date: Wed Oct 01 2003 - 05:22:06 GMT-3

• Next message: Snow, Tim: "RE: Access list Log interpretation."
• Previous message: Donny MATEO: "Access list Log interpretation."
• Next in thread: Snow, Tim: "RE: DNS vs. ICMP"
• Maybe reply: Snow, Tim: "RE: DNS vs. ICMP"
• Maybe reply: Howard C. Berkowitz: "Re: DNS vs. ICMP"
• Maybe reply: emad: "RE: DNS vs. ICMP"
• Maybe reply: Cocimano, Francesco: "RE: DNS vs. ICMP"
• Maybe reply: John Hooper: "Re: DNS vs. ICMP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Folks,
I have access server (3640) with NM-8AM configured for dialup , I tried
to put access-list to block the ICMP echo and echo-reply on the ingress
and egress of its Ethernet interface.
When I put the access-list as following:

Access-list 120 deny icmp any any echo
Access-list 120 deny icmp any any echo-reply
Access-list 120 permit ip any any

Interface Ethernet e0/0
Ip access-group 120 in
Ip access-group 120 out

I found that the dialup users lost the browsing and DNS is not working
but when I removed the access-list from the input and keep it only on
the output , everything went good and browsing back again!!!
Do u know any relation between DNS and ICMP!?

Regards

***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***

• Next message: Snow, Tim: "RE: Access list Log interpretation."
• Previous message: Donny MATEO: "Access list Log interpretation."
• Next in thread: Snow, Tim: "RE: DNS vs. ICMP"
• Maybe reply: Snow, Tim: "RE: DNS vs. ICMP"
• Maybe reply: Howard C. Berkowitz: "Re: DNS vs. ICMP"
• Maybe reply: emad: "RE: DNS vs. ICMP"
• Maybe reply: Cocimano, Francesco: "RE: DNS vs. ICMP"
• Maybe reply: John Hooper: "Re: DNS vs. ICMP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Nov 24 2003 - 07:52:54 GMT-3