Reflexive ACL question IE Solutions Guide

From: Mike Haddad (mike.haddad@hotmail.com)
Date: Thu Mar 27 2008 - 03:19:34 ART

• Next message: Saptanshu: "ip pim dr-priority (Multicast)"
• Previous message: A A: "RS after a week!"
• Next in thread: steveaggie@gmail.com: "RE: Reflexive ACL question IE Solutions Guide"
• Maybe reply: steveaggie@gmail.com: "RE: Reflexive ACL question IE Solutions Guide"
• Maybe reply: Scott Morris: "RE: Reflexive ACL question IE Solutions Guide"
• Maybe reply: Mike Haddad: "RE: Reflexive ACL question IE Solutions Guide"
• Maybe reply: Scott Morris: "RE: Reflexive ACL question IE Solutions Guide"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hello,

   The question says allow ICMP to transit your router. The ACL represented in
the IE Solutions guide is as follows:

ip access-list extended INBOUND
permit icmp any any echo
permit icmp any any echo-reply
permit ospf any any
evaluate REFLEXIVE

ip access-list extended OUTBOUND
permit icmp any any echo
permit icmp any any echo-reply -> I think this irrelevant since we will never
match an ICMP echo-reply on outbound traffic. Even if the ICMP came from BB1
for example the routers behind this router will echo back
permit tcp any any reflect REFLEXIVE
permit udp any any reflect REFLEXIVE

Please see my note above. Am I correct?
Regards,

• Next message: Saptanshu: "ip pim dr-priority (Multicast)"
• Previous message: A A: "RS after a week!"
• Next in thread: steveaggie@gmail.com: "RE: Reflexive ACL question IE Solutions Guide"
• Maybe reply: steveaggie@gmail.com: "RE: Reflexive ACL question IE Solutions Guide"
• Maybe reply: Scott Morris: "RE: Reflexive ACL question IE Solutions Guide"
• Maybe reply: Mike Haddad: "RE: Reflexive ACL question IE Solutions Guide"
• Maybe reply: Scott Morris: "RE: Reflexive ACL question IE Solutions Guide"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Apr 01 2008 - 07:53:54 ART