REFLEXIVE access-list QUESTION

From: mani poopal (mani_ccie@yahoo.com)
Date: Mon Apr 04 2005 - 02:38:41 GMT-3


Hi Group,
 
Can we make ICMP traffic be reflected? (I think you cannot reflect traceroute initiated from inside.) If a question asks to allow only traffic originated from your network 133.13.0.0 for TCP, UDP and ICMP traffic to come back, what is the correct statement?
=================================
Extended IP access list INBOUND
    permit udp any any eq rip
    permit tcp any any eq bgp
    permit tcp any eq bgp any
    permit icmp any any <--------- DO WE NEED THIS OR BELOW STATEMENT 3.
    evaluate MYREF
Extended IP access list OUTBOUND
    permit tcp 133.13.0.0 0.0.255.255 any reflect MYREF
    permit udp 133.13.0.0 0.0.255.255 any reflect MYREF
    permit icmp 133.13.0.0 0.0.255.255 any reflect MYREF
interface FastEthernet0/0
 ip access-group INBOUND in
 ip access-group OUTBOUND out
========================================
ASSUMPTION: running rip and ospf.
1. Do we have to reflect icmp?
2. Do we have to just allow icmp without reflection?
3. If we reflect icmp, for inbound do we need permit icmp any any OR permit icmp any any time-exceeded & permit icmp any any port-unreachable (needed for traceroute)?
 
Any suggestions are appreciated.
 
thanks
 
Mani

B.ENG,A+,CCNA,CCNP,CCNP-VOICE, CSS1,CNA,MCSE
(416)431 9929
MANI_CCIE@YAHOO.COM
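
An added example (not part of the original post or thread): a simplified Python model of the INBOUND/OUTBOUND pair above, showing which return packets `evaluate MYREF` admits after a ping and a UDP traceroute sent from inside. The host addresses, the `AclPair` and `return_traffic` names, and the address-only keying of reflected ICMP entries are assumptions of this model.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple
INSIDE = ip_network("133.13.0.0/16")  # inside network from the post

class Pkt(NamedTuple):
    proto: str           # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0       # ports stay 0 for icmp
    dport: int = 0
    icmp_type: str = ""  # IOS keyword, e.g. "echo-reply"

class AclPair:
    """Simplified model of the post's OUTBOUND (reflect) and INBOUND (evaluate) lists."""
    def __init__(self, inbound_icmp=()):
        self.myref = set()                # temporary MYREF entries
        self.inbound_icmp = inbound_icmp  # () = none, "any", or a tuple of ICMP types

    def outbound(self, p):
        if ip_address(p.src) not in INSIDE:
            return False                  # implicit deny
        # Reflected entry: same protocol, addresses and ports swapped.
        # Assumption: ICMP entries are keyed on the swapped addresses only.
        self.myref.add((p.proto, p.dst, p.src, p.dport, p.sport))
        return True

    def inbound(self, p):
        if p.proto == "udp" and p.dport == 520:             # permit udp any any eq rip
            return True
        if p.proto == "tcp" and 179 in (p.sport, p.dport):  # both bgp permits
            return True
        if p.proto == "icmp" and (self.inbound_icmp == "any"
                                  or p.icmp_type in self.inbound_icmp):
            return True
        return (p.proto, p.src, p.dst, p.sport, p.dport) in self.myref  # evaluate MYREF

def return_traffic(inbound_icmp=()):
    """Ping one host, UDP-traceroute another, then test the packets coming back."""
    acl = AclPair(inbound_icmp)
    host, pinged, hop, traced = "133.13.1.10", "203.0.113.9", "198.51.100.1", "192.0.2.80"
    acl.outbound(Pkt("icmp", host, pinged, icmp_type="echo"))
    acl.outbound(Pkt("udp", host, traced, 49152, 33434))    # traceroute probe
    back = {  # constructed return packets
        "echo-reply": Pkt("icmp", pinged, host, icmp_type="echo-reply"),
        "time-exceeded": Pkt("icmp", hop, host, icmp_type="time-exceeded"),
        "port-unreachable": Pkt("icmp", traced, host, icmp_type="port-unreachable"),
        "unsolicited echo": Pkt("icmp", "198.51.100.77", host, icmp_type="echo"),
    }
    return {name: acl.inbound(p) for name, p in back.items()}
```

`return_traffic()` models the list with no static ICMP permit; passing `("time-exceeded", "port-unreachable")` or `"any"` compares the two alternatives from question 3.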




This archive was generated by hypermail 2.1.4 : Tue May 03 2005 - 07:54:52 GMT-3