RE: DNS vs. ICMP

From: Snow, Tim (timothy.snow@eds.com)
Date: Wed Oct 01 2003 - 05:51:32 GMT-3


Out of curiosity, could you try to create another ACL (say 121, for
example) that exactly mirrors ACL 120, apply it inbound, and keep ACL 120
outbound?

Tim
#12042

-----Original Message-----
From: emad [mailto:emad@zakq8.com]
Sent: Wednesday, October 01, 2003 4:22 AM
To: ccielab@groupstudy.com
Subject: DNS vs. ICMP

Folks,
I have an access server (3640) with an NM-8AM configured for dialup. I tried to
put an access-list to block the ICMP echo and echo-reply on the ingress and
egress of its Ethernet interface. When I put the access-list as follows:

access-list 120 deny icmp any any echo
access-list 120 deny icmp any any echo-reply
access-list 120 permit ip any any

interface Ethernet0/0
 ip access-group 120 in
 ip access-group 120 out

I found that the dialup users lost browsing and DNS was not working, but
when I removed the access-list from the input and kept it only on the output,
everything went fine and browsing was back again!!! Do you know of any relation
between DNS and ICMP!?

Regards
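
The three entries of ACL 120 from the message above, evaluated top-down with first-match semantics against a few packet types. This is an added example, not part of the original thread: the helper names and sample packets are constructed for illustration, and only the "any any" syntax used in the post is parsed.

```python
# Added example: first-match evaluation of the ACL 120 entries quoted above.
# Helper names and sample packets are constructed, not captured traffic.
ICMP_TYPES = {"echo": 8, "echo-reply": 0}  # ICMP type numbers (RFC 792)

ACL_120 = [
    "access-list 120 deny icmp any any echo",
    "access-list 120 deny icmp any any echo-reply",
    "access-list 120 permit ip any any",
]

def parse_entry(line):
    """Parse the 'any any' subset of extended-ACL syntax used in this thread."""
    tok = line.lower().split()
    if tok[0] != "access-list" or tok[4:6] != ["any", "any"]:
        raise ValueError("unsupported entry: " + line)
    icmp_type = ICMP_TYPES[tok[6]] if len(tok) > 6 else None
    return {"action": tok[2], "proto": tok[3], "icmp_type": icmp_type}

def matches(entry, pkt):
    """'ip' matches every IP protocol; an ICMP type keyword narrows the match."""
    if entry["proto"] != "ip" and entry["proto"] != pkt["proto"]:
        return False
    if entry["icmp_type"] is not None and entry["icmp_type"] != pkt.get("icmp_type"):
        return False
    return True

def evaluate(acl_lines, pkt):
    """Return (action, entry number) of the first match; implicit deny if none."""
    for n, line in enumerate(acl_lines, 1):
        entry = parse_entry(line)
        if matches(entry, pkt):
            return entry["action"], n
    return "deny", None

SAMPLES = {  # constructed packets
    "ping request": {"proto": "icmp", "icmp_type": 8},
    "ping reply": {"proto": "icmp", "icmp_type": 0},
    "icmp port unreachable": {"proto": "icmp", "icmp_type": 3},
    "dns query (udp/53)": {"proto": "udp", "dport": 53},
    "dns over tcp/53": {"proto": "tcp", "dport": 53},
    "http (tcp/80)": {"proto": "tcp", "dport": 80},
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        action, n = evaluate(ACL_120, pkt)
        print(f"{name:24} -> {action} (entry {n})")
```

Only the two ICMP types named in the list hit a deny entry; the DNS and HTTP samples fall through to entry 3, whichever direction the list is applied in.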




This archive was generated by hypermail 2.1.4 : Mon Nov 24 2003 - 07:52:54 GMT-3