Reflective ACL with ICMP?

From: Ken.Farrington@barclayscapital.com
Date: Mon Dec 08 2003 - 07:55:03 GMT-3


Hi Guys,

.200.2       .200.1      111.1
r1-----------r2----------r3

If I ping from R3 to R1, I get through the RACL. Now this has opened ICMP as
follows on R2:

ACL/CONFIG on R2
-----------------

Reflexive IP access list RACL
    permit icmp host 155.195.200.2 host 155.195.111.1 (11 matches) (time left 246)
Extended IP access list inbound
    evaluate RACL
    deny ip any any (114 matches)
Extended IP access list outbound
    permit icmp any any reflect RACL
    deny ip any any
R2#

!
interface Ethernet0
 ip address 155.195.200.1 255.255.255.0
 ip access-group inbound in
 ip access-group outbound out
!

Now, should I not be able to ping R3's address from R1 using the source
interface of 200.2?

When I do, I get blocked with access-denied on R1, but on the outbound ACL I
permit icmp (I assume that means all of ICMP).

Many thanks

R2#debug ip pack det
IP packet debugging is on (detailed)
R2#
00:36:07: IP: s=155.195.200.2 (Ethernet0), d=155.195.111.1, len 100, access denied
00:36:07: ICMP type=8, code=0
00:36:07: IP: s=155.195.200.1 (local), d=155.195.200.2 (Ethernet0), len 56, sending
00:36:07: ICMP type=3, code=13


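An added illustration, not code from the post or from Cisco IOS: a small Python model of the reflect/evaluate pair configured on R2, using the addresses from the post. It shows how R3's ping creates the mirrored RACL entry, which inbound packets that entry admits, and how the entry disappears once no matching traffic has been seen for the reflexive timeout (300 seconds assumed, the IOS default); the ICMP entry is keyed on addresses only, as the show output lists it, which is an assumption of the model.

```python
from dataclasses import dataclass
R1, R3 = "155.195.200.2", "155.195.111.1"   # addresses from the post

@dataclass(frozen=True)
class Pkt:
    proto: str
    src: str
    dst: str
    sport: int = 0   # ports stay 0 for icmp
    dport: int = 0
class ReflexiveACL:
    """Temporary entries created by 'reflect' on the outbound ACL and consumed
    by 'evaluate' on the inbound ACL. Toy model, not IOS code."""
    def __init__(self, timeout=300):   # 300 s: assumed IOS default timeout
        self.timeout, self.entries = timeout, {}

    def reflect(self, pkt, now):
        # Mirror the outbound packet: src/dst addresses (and TCP/UDP ports)
        # swap. The show output lists the ICMP entry by addresses only, so
        # ICMP entries are keyed on addresses alone here (assumption).
        self.entries[(pkt.proto, pkt.dst, pkt.src, pkt.dport, pkt.sport)] = now + self.timeout

    def evaluate(self, pkt, now):
        # Age out expired entries, then look for the mirrored match; a hit
        # refreshes that entry's timer (no traffic for 'timeout' s removes it).
        self.entries = {k: t for k, t in self.entries.items() if t > now}
        key = (pkt.proto, pkt.src, pkt.dst, pkt.sport, pkt.dport)
        if key not in self.entries:
            return False
        self.entries[key] = now + self.timeout
        return True

def outbound(acl, pkt, now):   # 'permit icmp any any reflect RACL' / 'deny ip any any'
    if pkt.proto == "icmp":
        acl.reflect(pkt, now)
        return "permit"
    return "deny"
def inbound(acl, pkt, now):    # 'evaluate RACL' / 'deny ip any any'
    return "permit" if acl.evaluate(pkt, now) else "deny"

def scenario():
    racl = ReflexiveACL()
    return {
        "r3_ping_out": outbound(racl, Pkt("icmp", R3, R1), now=0),     # creates the entry
        "entry": next(iter(racl.entries)),           # what 'show access-lists' printed
        "r1_reply_in": inbound(racl, Pkt("icmp", R1, R3), now=1),
        "r1_ping_in_t55": inbound(racl, Pkt("icmp", R1, R3), now=55),  # 'time left 246'
        "r1_ping_in_expired": inbound(racl, Pkt("icmp", R1, R3), now=356),
    }
```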


This archive was generated by hypermail 2.1.4 : Sat Jan 03 2004 - 08:25:37 GMT-3