Lock and Key (Dynamic Access Lists)

From: ccie2be (ccie2be@nyc.rr.com)
Date: Tue Jan 06 2004 - 20:14:04 GMT-3


Hi guys,

I'm having problems getting this to work properly and I have 2 questions about
this.

1) When using local authentication, does the name in the username xxxx
password yyyy need to match the name in the dynamic access list entry? If it
does, doesn't that create problems in that everyone must use the same name
password combo? (I understand that only 1 dynamic entry should be used when
creating dynamic access lists.)

2) Does the dynamic access list have to explicitly permit icmp in order for
ping to work?

I have the following config:

! local user used by the vty login
username test password ccie
!
! lock-and-key list applied inbound on the interface facing the telnet client
int s2
ip addr x.x.x.x m.m.m.m
ip access-group 100 in
!
! static entry: allows the telnet to the router that opens the lock;
! dynamic entry: inactive until access-enable runs, then permits all ip
access-list 100 permit tcp any host 172.16.32.3 eq telnet
access-list 100 dynamic test permit ip any 172.16.136.0 0.0.0.255
!
! after a successful login the autocommand enables the dynamic entry
! and closes the session; 3 is the idle timeout in minutes
line vty 0 4
password cisco
login local
autocommand access-enable timeout 3

What happens is this: when I telnet to the IP address above, I get challenged to
enter a name and password and then I get (as I should) a message like "session
closed by foreign host". But then when I try to ping a host on subnet
172.16.136.0, I get U.U.U.

Shouldn't I be able to ping with the above config?

Thanks in advance, dt
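As an added illustration (editor's example, not from the original post or Cisco code): a small Python model of how a lock-and-key list like access-list 100 above is evaluated. It shows that the dynamic entry is skipped until access-enable activates it, that "permit ip" already covers ICMP, and that the timeout value is an idle timer that is refreshed by matching traffic. The class and function names, and the sample packets, are the editor's assumptions about IOS behaviour, not IOS itself.

```python
"""Toy model of the lock-and-key ACL from the post (editor's assumption of IOS
semantics, not IOS code): entries are checked top-down, a 'dynamic' entry is
ignored until access-enable activates it, and an implicit deny ends the list."""
import ipaddress


class LockAndKeyACL:
    def __init__(self, entries, idle_timeout_min):
        self.entries = entries            # ordered list of entry dicts
        self.idle_timeout = idle_timeout_min * 60
        self.last_hit = None              # None = dynamic entry not enabled

    def access_enable(self, now):
        """Models the vty autocommand that runs after a successful login."""
        self.last_hit = now

    def _dynamic_active(self, now):
        if self.last_hit is None:
            return False
        if now - self.last_hit > self.idle_timeout:
            self.last_hit = None          # idle timer expired, entry removed
            return False
        return True

    def permits(self, proto, dst, dport=None, now=0):
        """Return True if a packet (proto, dst, dport) passes the list at time now."""
        dst_ip = ipaddress.ip_address(dst)
        for e in self.entries:
            if e.get("dynamic") and not self._dynamic_active(now):
                continue                  # lock still closed, skip the entry
            if e["proto"] != "ip" and e["proto"] != proto:
                continue                  # 'ip' matches any protocol, incl. icmp
            if dst_ip not in e["dst"]:
                continue
            if e.get("dport") is not None and e["dport"] != dport:
                continue
            if e.get("dynamic"):
                self.last_hit = now       # matching traffic refreshes idle timer
            return True
        return False                      # implicit deny at the end of the list


def build_acl_100():
    """access-list 100 as posted: telnet to 172.16.32.3, then dynamic permit ip."""
    return LockAndKeyACL([
        {"proto": "tcp", "dst": ipaddress.ip_network("172.16.32.3/32"), "dport": 23},
        {"proto": "ip", "dst": ipaddress.ip_network("172.16.136.0/24"), "dynamic": True},
    ], idle_timeout_min=3)
```

Under this model a ping to 172.16.136.x is dropped only while the dynamic entry is inactive or after it has idled out; once enabled, ICMP passes without a separate permit icmp line.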



This archive was generated by hypermail 2.1.4 : Mon Feb 02 2004 - 09:07:37 GMT-3