Re: Cisco Traceroute and UDP src port range.

From: Sergey Khalavchuk <ratio+groupstudy_at_invalid.org.ua>
Date: Fri, 1 May 2009 14:44:22 +0300

The returning ICMP packet will contain the first X bytes of the originating UDP
packet (at least the IP/UDP headers), and it is possible to determine the IP
addresses and UDP ports of the session the ICMP "belongs" to.

On Fri, May 1, 2009 at 2:25 PM, CCIE RS <cc13rs_at_gmail.com> wrote:
> I am not aware of any technique like CBAC or Reflexive ACL that can take
> care of traceroute.
> I don't think CBAC is intelligent enough to keep state information for
> outgoing UDP and returning ICMP pkts.
> Let me know if I missed something.
>
> -CC13RS
>
>
>
> On Fri, May 1, 2009 at 9:17 PM, Dale Shaw <dale.shaw_at_gmail.com> wrote:
>>
>> I reckon any task that asked you to do that wouldn't actually require
>> you to know the range :-)
>>
>> (in other words, it'd be a reflexive ACL or CBAC task where return
>> traffic associated with outbound probes would be automagically permitted
>> based on a state table entry.)
>>
>> cheers,
>> Dale
>>
>> On Fri, May 1, 2009 at 1:57 PM, CCIE RS <cc13rs_at_gmail.com> wrote:
>> > Thanks for the link, Scott!
>> > I am asking this question from the perspective of the LAB exam where, if asked
>> > to configure an ACL (somewhere in the path), but still allow outgoing
>> > traceroute packets.
>> > I know the UDP port range starts from 33434, but I am clueless about the
>> > upper limit. :(
>> >
>> > -CC13RS.
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Received on Fri May 01 2009 - 14:44:22 ART
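
The matching described in the reply at the top of this message, as an added example that is not part of the original thread and does not model how CBAC or a reflexive ACL is implemented: it parses the datagram quoted inside an ICMP error and permits the error only if the quoted addresses and UDP ports match a tracked outbound probe. The function names, the set-based state table and the documentation addresses are assumptions; the sample packets are constructed.

```python
import socket
import struct

def build_probe(src, dst, sport, dport, ttl=1):
    """Constructed sample: IPv4 header (no options) + UDP header of a probe."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, ttl, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + struct.pack("!HHHH", sport, dport, 8, 0)

def build_icmp_error(icmp_type, code, quoted):
    """Constructed sample: type, code, checksum (left 0), 4 unused bytes, quote."""
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + quoted

def session_from_icmp_error(icmp):
    """Return (src, sport, dst, dport) of the quoted UDP datagram, else None."""
    if len(icmp) < 8 + 20:
        return None                      # too short to quote an IPv4 header
    if icmp[0] not in (3, 11):           # 3 = dest unreachable, 11 = time exceeded
        return None
    inner = icmp[8:]                     # quoted original datagram
    if inner[0] >> 4 != 4:
        return None                      # not IPv4
    ihl = (inner[0] & 0x0F) * 4          # quoted header may carry IP options
    if ihl < 20 or len(inner) < ihl + 8 or inner[9] != 17:
        return None                      # truncated quote or not UDP
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return (socket.inet_ntoa(inner[12:16]), sport,
            socket.inet_ntoa(inner[16:20]), dport)

def permit_return(icmp, state_table):
    """Permit an ICMP error only when its quote matches a tracked outbound flow."""
    return session_from_icmp_error(icmp) in state_table

# Hypothetical state table: one outbound probe to the first traceroute port.
STATE = {("192.0.2.10", 49152, "198.51.100.7", 33434)}
SOLICITED = build_icmp_error(
    11, 0, build_probe("192.0.2.10", "198.51.100.7", 49152, 33434))
UNSOLICITED = build_icmp_error(
    11, 0, build_probe("192.0.2.10", "198.51.100.7", 40000, 33434))

if __name__ == "__main__":
    for name, pkt in (("solicited", SOLICITED), ("unsolicited", UNSOLICITED)):
        print(name, session_from_icmp_error(pkt), permit_return(pkt, STATE))
```

The quoted source and destination are those of the original probe, so the lookup uses the outbound direction of the flow even though the ICMP error itself arrives inbound from an intermediate hop.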

This archive was generated by hypermail 2.2.0 : Mon Jun 01 2009 - 07:04:41 ART