From: steveaggie@gmail.com
Date: Thu Mar 27 2008 - 10:03:35 ART
If ICMP needs to transit the router and BB1 pings a router on the other side
of R5 how will the echo-reply get back out? It needs to be permitted
outbound which would be covered by the line you question.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Mike
Haddad
Sent: Thursday, March 27, 2008 1:20 AM
To: ccielab@groupstudy.com
Subject: Reflexive ACL question IE Solutions Guide
Hello,
The question says allow ICMP to transit your router. The ACL represented
in
the IE Solutions guide is as follows:
ip access-list extended INBOUND
permit icmp any any echo
permit icmp any any echo-reply
permit ospf any any
evaluate REFLEXIVE
ip access-list extended OUTBOUND
permit icmp any any echo
permit icmp any any echo-reply -> I think this irrelevant since we will
never
match an ICMP echo-reply on outbound traffic. Even if the ICMP came from BB1
for example the routers behind this router will echo back
permit tcp any any reflect REFLEXIVE
permit udp any any reflect REFLEXIVE
Please see my note above. Am I correct?
Regards,
This archive was generated by hypermail 2.1.4 : Tue Apr 01 2008 - 07:53:54 ART