From: Jeff Ryan (jeffryanwn@hotmail.com)
Date: Mon Sep 04 2006 - 23:45:18 ART
http://www.cisco.com/warp/public/105/acl_wp.html

In looking at this link, specifically the Scenario #1 ACL 101 example, it
states that this would permit only non-fragmented HTTP flows to the server. Of
course, the deny statement would kill any IGP or EGP connection unless we
specifically permitted it...

In the diagram in this link, if I had a BGP TCP session with a router out this
link:

access-list 101 deny ip any host 171.16.23.1 fragments
access-list 101 permit tcp any host 171.16.23.1 eq 80
access-list 101 permit tcp any any eq bgp
access-list 101 permit tcp any eq bgp any
access-list 101 deny ip any any
!
! internet link
int s0
 ip access-group 101 in
!
Any comments?
Jeff
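
Added example, not part of the original post: a small Python model of how an IOS extended ACL treats fragments, run against the ACL 101 quoted above. It assumes the matching rules documented for the `fragments` keyword (an L3-only `fragments` entry matches non-initial fragments only; an L3+L4 permit entry matches a non-initial fragment on its L3 part alone; an L3+L4 deny entry is skipped for non-initial fragments). The names `Ace`, `Pkt` and `evaluate` and the 192.0.2.x addresses are constructed for illustration.

```python
from collections import namedtuple

# Hypothetical model types; None means "any" in an ACL entry.
Ace = namedtuple("Ace", "action proto dst sport dport fragments")
Pkt = namedtuple("Pkt", "proto dst sport dport noninitial")

SERVER = "171.16.23.1"   # server address from the post
BGP = 179                # TCP port behind the "bgp" keyword

# ACL 101 exactly as posted, one Ace per access-list line.
ACL_101 = [
    Ace("deny",   "ip",  SERVER, None, None, True),
    Ace("permit", "tcp", SERVER, None, 80,   False),
    Ace("permit", "tcp", None,   None, BGP,  False),
    Ace("permit", "tcp", None,   BGP,  None, False),
    Ace("deny",   "ip",  None,   None, None, False),
]

def l3_match(ace, pkt):
    return ace.proto in ("ip", pkt.proto) and ace.dst in (None, pkt.dst)

def l4_match(ace, pkt):
    return ace.sport in (None, pkt.sport) and ace.dport in (None, pkt.dport)

def evaluate(acl, pkt):
    """Return (action, 1-based entry number) of the first matching entry."""
    for n, ace in enumerate(acl, 1):
        if not l3_match(ace, pkt):
            continue
        has_l4 = ace.sport is not None or ace.dport is not None
        if ace.fragments:
            # 'fragments' entries match non-initial fragments only
            if pkt.noninitial:
                return ace.action, n
        elif not pkt.noninitial:
            # unfragmented packets and initial fragments: full L3+L4 match
            if l4_match(ace, pkt):
                return ace.action, n
        elif not has_l4 or ace.action == "permit":
            # a non-initial fragment carries no ports: L3-only entries match,
            # and L3+L4 permit entries match on their L3 part alone
            return ace.action, n
        # L3+L4 deny entry vs non-initial fragment: try the next entry
    return "deny", 0  # implicit deny at the end of every ACL
```

In this model the two BGP permit entries also match non-initial TCP fragments addressed to hosts other than 171.16.23.1, because only the first entry carries the `fragments` keyword and it is scoped to the server.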
This archive was generated by hypermail 2.1.4 : Sun Oct 01 2006 - 16:55:39 ART