From: Mike Haddad (mike.haddad@hotmail.com)
Date: Sun Apr 13 2008 - 20:19:46 ART
Hello,
THe question is in Lab 5 Task 8.1. He is asking to allow ping from R4 to
BB3. My solution was:
R4:
interface Ethernet0/0
ip access-group IN_ACL in
ip access-group OUT_ACL out
!
ip access-list extended IN_ACL
permit icmp any any echo-reply
permit icmp any any echo
permit tcp any eq telnet any established
permit tcp any any eq bgp
permit tcp any eq bgp any
permit udp any any eq rip
evaluate MY_REFLECT
ip access-list extended OUT_ACL
permit tcp any any reflect MY_REFLECT
permit udp any any reflect MY_REFLECT
permit icmp any any reflect MY_REFLECT
The Solution in the IE Guide was the same but without:
permit icmp any any echo -> IN the Inbound ACL
If you do test pinging to BB3 the router sends host unreachable messages to
BB3. Then in the solution guide he says you can work arround this issue by
setting using a local policy to route locally generated router traffic via
Lo0.
Is my solution considered correct? With my solution i don't have to create the
workaround specified in the IE Solutions guide for Lab5.
Thanks in Advance,
This archive was generated by hypermail 2.1.4 : Thu May 01 2008 - 08:25:50 ART