From: Brian Dennis (bdennis@internetworkexpert.com)
Date: Tue Nov 14 2006 - 20:43:12 ART
It would if the traffic leaving was ICMP but since traceroute is sending
out UDP packets the router doesn't evaluate it as ICMP.
HTH,
Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
bdennis@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Adhu Ajit
Sent: Tuesday, November 14, 2006 2:01 PM
To: ccielab@groupstudy.com
Subject: IEWB - RS -Lab 2 Task 9.4 - ICMP filtering
The solution for this question was a bit different from what I thought
would be the solution.
I dont quite understand why the two lines:
permit icmp any any time-exceeded
permit icmp any any port-unreachable
have been inserted before the line:
evaluate ICMP
Should'nt "evaluate ICMP" statement take care of all ICMP responses
coming back due to traffic orignated form the inside network ?
Anyone care to comment ?
Thanks in advance.
---------------------------------
Everyone is raving about the all-new Yahoo! Mail beta.
This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:47 ART