From: Baety Wayne A 30 SIG BN RS3 (cn) (BaetyWA@schofield.army.mil)
Date: Tue Jul 27 2004 - 17:21:00 GMT-3
Keep in mind that ACLs are processed from the top down.
The "deny fragments" line in the ACL will not get processed for port 80
traffic. You will be permitting all port 80 traffic, irrespective of it
being a fragmented IP packet. This is so because you permitted that
traffic in your ACL before you denied fragmented traffic.
WAYNE A. BAETY, Contr, 30SIG BN
MCSE+I, MCSD, MCDBA, CCNP+Voice
Resident System Support Specialist
Office: (808) 655-6761
Cell: (808) 779-3776
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
gladston@br.ibm.com
Sent: Tuesday, July 27, 2004 10:05 AM
To: ccielab@groupstudy.com
Subject: Re: RE: Fragments
Would the IOS "remember" that the fragments belong to session http?
>>You could just permit the port 80 traffic before denying fragments...
>>Just a thought ;)
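
Added example (not part of the original posts): a simplified Python model of first-match ACL evaluation, following Cisco's documented fragment handling, in which a non-initial fragment carries no Layer 4 header, so a permit entry with a port matches it on Layer 3 alone while a deny entry with a port is skipped. The two ACLs and the sample packets are constructed for illustration, and every address is assumed to be "any".

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Ace:
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" matches any protocol, else e.g. "tcp"
    dport: Optional[int] = None   # Layer 4 match; None if the entry has none
    fragments: bool = False       # entry carries the "fragments" keyword

@dataclass
class Packet:
    proto: str
    dport: Optional[int]          # None on a non-initial fragment (no L4 header)
    noninitial: bool = False

def ace_matches(ace: Ace, pkt: Packet) -> bool:
    if ace.proto not in ("ip", pkt.proto):
        return False
    if ace.fragments:             # applies to non-initial fragments only
        return pkt.noninitial
    if ace.dport is None:         # Layer 3 only entry
        return True
    if pkt.noninitial:            # port cannot be checked: permit matches, deny is skipped
        return ace.action == "permit"
    return pkt.dport == ace.dport

def evaluate(acl: List[Ace], pkt: Packet) -> str:
    for ace in acl:               # top down, first match wins
        if ace_matches(ace, pkt):
            return ace.action
    return "deny"                 # implicit deny at the end of every ACL

# Constructed ACLs: the same two entries in both orders.
PERMIT_FIRST = [Ace("permit", "tcp", 80), Ace("deny", "ip", fragments=True)]
DENY_FIRST = [Ace("deny", "ip", fragments=True), Ace("permit", "tcp", 80)]

# Constructed packets.
HTTP_FIRST = Packet("tcp", 80)                     # unfragmented or initial fragment
TCP_LATER = Packet("tcp", None, noninitial=True)   # non-initial TCP fragment
UDP_LATER = Packet("udp", None, noninitial=True)   # non-initial UDP fragment

def verdicts(acl: List[Ace]) -> List[str]:
    return [evaluate(acl, p) for p in (HTTP_FIRST, TCP_LATER, UDP_LATER)]

if __name__ == "__main__":
    print("permit first:", verdicts(PERMIT_FIRST))
    print("deny first:  ", verdicts(DENY_FIRST))
```

With the permit line first, the non-initial TCP fragment is permitted before the fragments entry is ever reached; with the fragments entry first, it is denied while the port 80 packet that carries the TCP header still passes.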