Re: IEWB - RS -Lab 2 Task 9.4 - ICMP filtering

From: Alexei Monastyrnyi (alexeim@orcsoftware.com)
Date: Tue Nov 14 2006 - 20:12:34 ART

• Next message: Danny Cox: "Re: Re: major network and classful"
• Previous message: Jens Petter: "RE: regarding cat 4500 switches"
• Maybe in reply to: Adhu Ajit: "IEWB - RS -Lab 2 Task 9.4 - ICMP filtering"
• Next in thread: Brian Dennis: "RE: IEWB - RS -Lab 2 Task 9.4 - ICMP filtering"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

those two are for traceroute to work from behind reflexive ACL.

traceroute sends UDP packets to arbitrary port of traced IP and relies
on those two ICMP replies to do its hop-by-hop work.

http://www.freesoft.org/CIE/Topics/54.htm

HTH
A.

Adhu Ajit wrote:
> The solution for this question was a bit different from what I thought would be the solution.
>
> I dont quite understand why the two lines:
>
> permit icmp any any time-exceeded
> permit icmp any any port-unreachable
>
> have been inserted before the line:
>
> evaluate ICMP
>
> Should'nt "evaluate ICMP" statement take care of all ICMP responses coming back due to traffic orignated form the inside network ?
>
> Anyone care to comment ?
>
> Thanks in advance.
>
>
>
> ---------------------------------
> Everyone is raving about the all-new Yahoo! Mail beta.
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Danny Cox: "Re: Re: major network and classful"
• Previous message: Jens Petter: "RE: regarding cat 4500 switches"
• Maybe in reply to: Adhu Ajit: "IEWB - RS -Lab 2 Task 9.4 - ICMP filtering"
• Next in thread: Brian Dennis: "RE: IEWB - RS -Lab 2 Task 9.4 - ICMP filtering"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:47 ART