reflexive access-lists for icmp

From: Kal Han (calikali2006@gmail.com)
Date: Thu Nov 23 2006 - 00:06:44 ART

• Next message: Chee Chew Leong: "Re: OT: FR fragment size consideration"
• Previous message: Nambi Appachigounder: "RE: BGP misconfigure AS number"
• Next in thread: Petr Lapukhov: "Re: reflexive access-lists for icmp"
• Maybe reply: Petr Lapukhov: "Re: reflexive access-lists for icmp"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi
Given that the icmp echo and echo-reply are of different types/codes
will adding a reflexive acl for icmp permit return traffic ?

example:

Extended IP access list *inbound
* 1 permit icmp any any echo reflect refin
    2 permit icmp any any echo-reply reflect refin

Extended IP access list *outbound
* 1 eval refin

with these access-lists applied on one interface,
will I be able to ping from outside to inside ?

Thanks
Kal

• Next message: Chee Chew Leong: "Re: OT: FR fragment size consideration"
• Previous message: Nambi Appachigounder: "RE: BGP misconfigure AS number"
• Next in thread: Petr Lapukhov: "Re: reflexive access-lists for icmp"
• Maybe reply: Petr Lapukhov: "Re: reflexive access-lists for icmp"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:48 ART