Fragment direction

From: Mohamed Tandou (dtandou@gmail.com)
Date: Mon Sep 15 2008 - 08:58:22 ART

• Next message: Ivan Centeno: "a nice website"
• Previous message: Shahid Ansari: "Re: Calculators in the Lab"
• Next in thread: Scott Morris: "RE: Fragment direction"
• Maybe reply: Scott Morris: "RE: Fragment direction"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hello GS,
in what direction should i apply the ip access-group if i want to prevent
fragmentation to a webb server.
When i applied inboud i get this:

*Mar 1 00:48:17.303: IP Fragment, Ident = 1, fragment offset = 0
*Mar 1 00:48:17.303: ICMP type=8, code=0
*Mar 1 00:48:17.303: IP: recv fragment from 11.11.12.1 offset 0 bytes
*Mar 1 00:48:17.491: IP: s=11.11.12.1 (Serial0/0), d=11.11.12.2, len 1500,
access denied
*Mar 1 00:48:17.491: IP Fragment, Ident = 1, fragment offset = 1480
*Mar 1 00:48:17.679: IP: s=11.11.12.1 (Serial0/0), d=11.11.12.2, len 1500,
access denied
*Mar 1 00:48:17.679: IP Fragment, Ident = 1, fragment offset = 2960
*Mar 1 00:48:17.867: IP: s=11.11.12.1 (Serial0/0), d=11.11.12.2, len 1500,
access denied
*Mar 1 00:48:17.867: IP Fragment, Ident = 1, fragment offset = 4440
*Mar 1 00:48:18.055: IP: s=11.11.12.1 (Serial0/0), d=11.11.12.2, len 1500,
access denied
*Mar 1 00:48:18.055: IP Fragment, Ident = 1, fragment offset = 5920
*Mar 1 00:48:18.243: IP: s=11.11.12.1 (Serial0/0), d=11.11.12.2, len 1500,
access denied
*Mar 1 00:48:18.243: IP Fragment, Ident = 1, fragment offset = 7400
*Mar 1 00:48:18.431: IP: s=11.11.12.1 (Serial0/0), d=11.11.12.2, len 1500,
access denied
*Mar 1 00:48:18.431: IP Fragment, Ident = 1, fragment offset = 8880
*Mar 1 00:48:18.619: IP: s=11.11.12.1 (Serial0/0), d=11.11.12.2, len 1500,
access denied
*Mar 1 00:48:18.619: IP Fragment, Ident = 1, fragment offset = 10360
*Mar 1 00:48:18.807: IP: s=11.11.12.1 (Serial0/0), d=11.11.12.2, len 1500,
access denied
*Mar 1 00:48:18.807: IP Fragment, Ident = 1, fragment offset = 11840
*Mar 1 00:48:18.995: IP: s=11.11.12.1 (Serial0/0), d=11.11.12.2, len 1500,
access denied

But i applied outbound i get this:

*Mar 1 00:51:26.539: IP: s=11.11.12.2 (local),
d=11.11.25.6(FastEthernet0/0), len 1500, sending fragment
*Mar 1 00:51:26.539: IP Fragment, Ident = 5, fragment offset = 0
*Mar 1 00:51:26.539: ICMP type=0, code=0
*Mar 1 00:51:26.539: IP: s=11.11.12.2 (local),
d=11.11.25.6(FastEthernet0/0), len 1500, sending fragment
*Mar 1 00:51:26.539: IP Fragment, Ident = 5, fragment offset = 1480
*Mar 1 00:51:26.539: IP: s=11.11.12.2 (local),
d=11.11.25.6(FastEthernet0/0), len 1500, sending fragment
*Mar 1 00:51:26.539: IP Fragment, Ident = 5, fragment offset = 2960
*Mar 1 00:51:26.543: IP: s=11.11.12.2 (local),
d=11.11.25.6(FastEthernet0/0), len 1500, sending fragment
*Mar 1 00:51:26.543: IP Fragment, Ident = 5, fragment offset = 4440
*Mar 1 00:51:26.543: IP: s=11.11.12.2 (local),
d=11.11.25.6(FastEthernet0/0), len 1500, sending fragment
*Mar 1 00:51:26.543: IP Fragment, Ident = 5, fragment offset = 5920
*Mar 1 00:51:26.543: IP: s=11.11.12.2 (local),
d=11.11.25.6(FastEthernet0/0), len 1500, sending fragment
*Mar 1 00:51:26.543: IP Fragment, Ident = 5, fragment offset = 7400
*Mar 1 00:51:26.547: IP: s=11.11.12.2 (local),
d=11.11.25.6(FastEthernet0/0), len 1500, sending fragment
*Mar 1 00:51:26.547: IP Fragment, Ident = 5, fragment offset = 8880
*Mar 1 00:51:26.547: IP: s=11.11.12.2 (local),
d=11.11.25.6(FastEthernet0/0), len 1500, sending fragment
*Mar 1 00:51:26.547: IP Fragment, Ident = 5, fragment offset = 10360

Can someone help me out here ?

Thanks

Moh

Blogs and organic groups at http://www.ccie.net

• Next message: Ivan Centeno: "a nice website"
• Previous message: Shahid Ansari: "Re: Calculators in the Lab"
• Next in thread: Scott Morris: "RE: Fragment direction"
• Maybe reply: Scott Morris: "RE: Fragment direction"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Oct 04 2008 - 09:26:18 ART