RE: DNS vs. ICMP

From: emad (emad@zakq8.com)
Date: Wed Oct 01 2003 - 07:23:11 GMT-3


Snow,
I already changed the number of the access-list many times. The actual
access-list was 130, and I also tried 140, because I contacted Cisco
without any news.

-----Original Message-----
From: Snow, Tim [mailto:timothy.snow@eds.com]
Sent: Wednesday, October 01, 2003 11:52 AM
To: 'emad'
Cc: 'ccielab@groupstudy.com'
Subject: RE: DNS vs. ICMP

Out of curiosity, could you try and create another ACL (say 121 for
example) that exactly mirrors ACL 120 and apply it inbound and keep ACL
120 outbound?

Tim
#12042

-----Original Message-----
From: emad [mailto:emad@zakq8.com]
Sent: Wednesday, October 01, 2003 4:22 AM
To: ccielab@groupstudy.com
Subject: DNS vs. ICMP

Folks,
I have an access server (3640) with an NM-8AM configured for dialup. I
tried to put an access-list to block the ICMP echo and echo-reply on the
ingress and egress of its Ethernet interface. When I put the access-list
as follows:

access-list 120 deny icmp any any echo
access-list 120 deny icmp any any echo-reply
access-list 120 permit ip any any

interface Ethernet0/0
 ip access-group 120 in
 ip access-group 120 out

I found that the dialup users lost browsing and DNS was not working, but
when I removed the access-list from the input and kept it only on the
output, everything went well and browsing was back again! Do you know of
any relation between DNS and ICMP?

Regards




This archive was generated by hypermail 2.1.4 : Mon Nov 24 2003 - 07:52:54 GMT-3