RE: ACL don't work on outbound locally sourced traffic?

From: marvin greenlee (marvin@ccbootcamp.com)
Date: Fri Mar 04 2005 - 14:52:42 GMT-3


Local policy routing comes to mind. Send the traffic "out" a loopback.

Marvin Greenlee, CCIE#12237, CCSI# 30483
Network Learning Inc
marvin@ccbootcamp.com
www.ccbootcamp.com (Cisco Training)

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Andrew Ballantyne (aballant)
Sent: Friday, March 04, 2005 9:46 AM
To: Richard Dumoulin; ccielab@groupstudy.com
Subject: RE: ACL don't work on outbound locally sourced traffic?
Importance: Low

Hi Richard,

Is there a trick then to make an ICMP ping or say a TFTP from the router
go through the ACL? I.e. make it think it wasn't locally sourced?

Cheers,
Andrew

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Richard Dumoulin
Sent: Friday, March 04, 2005 9:16 AM
To: Andrew Ballantyne (aballant); ccielab@groupstudy.com
Subject: RE: ACL don't work on outbound locally sourced traffic?

This is correct. There is a trick though to make the traffic go through
the ACL.

-- Richard

-----Original Message-----
From: Andrew Ballantyne (aballant) [mailto:aballant@cisco.com]
Sent: Friday, March 04, 2005 6:08 PM
To: ccielab@groupstudy.com
Subject: ACL don't work on outbound locally sourced traffic?

Hi,

In this article it says that ACLs can't block outbound traffic
originating from a router. So for example you would not be able to deny
outbound ICMP packets, and the return packet would be stopped.

http://www.informit.com/articles/article.asp?p=174313&seqNum=4
 
The article also says:
 
"Another special note on Cisco ACLs is that ACLs never apply to
traffic generated by the router."

Is this correct? It differs from my understanding and, I thought, my
experience.

Cheers,
Andrew
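
The local policy routing approach suggested at the top of this thread, sketched as an IOS configuration. This is an added example, not configuration posted by anyone in the thread; the interface names, addresses, ACL numbers and route-map name are all assumptions.

```cisco
! Constructed example: every name, number and address here is an assumption.
!
! Loopback used as the "out" interface for router-generated packets.
interface Loopback0
 ip address 10.255.255.1 255.255.255.255
!
! Outbound filter on the egress interface. Packets the router
! originates itself are normally not checked against it.
access-list 101 deny   icmp any any echo
access-list 101 permit ip any any
!
interface Serial0/0
 ip address 192.0.2.1 255.255.255.252
 ip access-group 101 out
!
! Select the locally generated traffic that should be filtered
! (the ping and TFTP cases asked about in the thread).
access-list 110 permit icmp any any echo
access-list 110 permit udp any any eq tftp
!
! Send matching packets "out" the loopback. They come back in on
! Loopback0 and are then routed as received traffic, so the
! outbound ACL on Serial0/0 is evaluated.
route-map LOCAL-VIA-LOOPBACK permit 10
 match ip address 110
 set interface Loopback0
!
! Apply the route-map to packets generated by the router itself.
ip local policy route-map LOCAL-VIA-LOOPBACK
```

After a test ping from the router, the match counters in `show route-map` and `show access-lists 101` indicate whether the packets took the policy route and hit the deny entry.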



This archive was generated by hypermail 2.1.4 : Sun Apr 03 2005 - 17:56:40 GMT-3