From: Lee Donald (Lee.Donald@t-systems.co.uk)
Date: Wed Apr 06 2005 - 11:15:51 GMT-3
That doesn't work Mani, if you look down on the email I have those in the
access-list.
I thought it was those 2 aswell ??
Anyone ?
_____
From: mani poopal [mailto:mani_ccie@yahoo.com]
Sent: 06 April 2005 15:09
To: Lee Donald; ccielab@groupstudy.com
Subject: Re: Allowing TraceRoute through an access-list
Hi Lee,
It is port unreachable and time-exceeded(not ttl-exceeded)
permit icmp any any time-exceeded
permit icmp any any port-unrechables
Mani
Lee Donald <Lee.Donald@t-systems.co.uk> wrote:
I know this is a rather easy thing but I'm having a mental block with
TraceRoute.
I thought you just allow port-unreachable and ttl-exceeded for Cisco trace?
But it's not working, I've tried some of the others but no go.
Exactly which icmp type is it?
My access-list
Any help greatly appreciated.
Extended IP access list INBOUND
10 permit icmp any any ttl-exceeded
20 permit icmp any any port-unreachable
30 permit icmp any any net-unreachable
40 permit icmp any any time-exceeded
Extended IP access list OUTBOUND
10 permit icmp any any ttl-exceeded
20 permit icmp any any port-unreachable
30 permit icmp any any net-unreachable
40 permit icmp any any time-exceeded
Regards
Lee Donald.
This archive was generated by hypermail 2.1.4 : Tue May 03 2005 - 07:54:54 GMT-3