Hi Guys,
I have applied an inbound ACL on the VLAN interface of a 7606. After monitoring
the ACL, it seems packets are not matching the permit statements in the ACL as
expected (entries 40, 50).
1.1.0.0/16 and 2.2.0.0/16 are just examples. One of the purposes of this ACL
is to deny all incoming TCP connection requests but allow TCP sessions only for
those initiated from inside the network.
Any thoughts on why packets are not matching? Are there any known issues for the
7606s, or is any special configuration missing here?
10 deny ip 10.0.0.0 0.255.255.255 any (6 matches)
20 deny ip 192.168.0.0 0.0.255.255 any
30 deny ip 172.16.0.0 0.15.255.255 any (4 matches)
40 permit tcp any 1.1.0.0 0.0.255.255 established (16 matches)
50 permit tcp any 2.2.2.0 0.0.255.255 established
100 permit esp any any
110 permit ahp any any
120 permit icmp any any (7 matches)
130 permit gre any any
280 permit udp any any eq 6901
310 deny ip any 1.1.0.0 0.0.0.255 (9024 matches)
320 deny ip any 2.2.0.0 0.0.0.255 (5251 matches)
350 permit ip any any (82 matches)
Moreover, I observed that the ping packets are not matching the permit icmp any
any entry either.
Thanks in Advance
Received on Mon Sep 27 2010 - 16:28:32 ART
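
An added example, not part of the original post: a simplified Python model of first-match evaluation over the listing above, so the entry a given packet should hit can be checked offline. It assumes standard wildcard-mask semantics and treats `established` as "ACK or RST set"; the packet addresses are constructed, and it models matching logic only, not how the 7606 counts hits.

```python
import ipaddress

ANY = None
# (seq, action, proto, src, dst, extra) copied from the listing in the post.
# src/dst are (address, wildcard) or ANY; extra is "established" or a UDP dst port.
ACL = [
    (10, "deny", "ip", ("10.0.0.0", "0.255.255.255"), ANY, None),
    (20, "deny", "ip", ("192.168.0.0", "0.0.255.255"), ANY, None),
    (30, "deny", "ip", ("172.16.0.0", "0.15.255.255"), ANY, None),
    (40, "permit", "tcp", ANY, ("1.1.0.0", "0.0.255.255"), "established"),
    (50, "permit", "tcp", ANY, ("2.2.2.0", "0.0.255.255"), "established"),
    (100, "permit", "esp", ANY, ANY, None),
    (110, "permit", "ahp", ANY, ANY, None),
    (120, "permit", "icmp", ANY, ANY, None),
    (130, "permit", "gre", ANY, ANY, None),
    (280, "permit", "udp", ANY, ANY, 6901),
    (310, "deny", "ip", ANY, ("1.1.0.0", "0.0.0.255"), None),
    (320, "deny", "ip", ANY, ("2.2.0.0", "0.0.0.255"), None),
    (350, "permit", "ip", ANY, ANY, None),
]

def addr_match(spec, addr):
    """Wildcard-mask match: bits set in the wildcard are ignored."""
    if spec is ANY:
        return True
    base, wild = (int(ipaddress.IPv4Address(x)) for x in spec)
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def first_match(proto, src, dst, flags=frozenset(), dport=None):
    """Return (seq, action) of the first entry the packet matches."""
    for seq, action, p, s, d, extra in ACL:
        if p != "ip" and p != proto:
            continue
        if not (addr_match(s, src) and addr_match(d, dst)):
            continue
        if extra == "established" and not (set(flags) & {"ACK", "RST"}):
            continue
        if isinstance(extra, int) and extra != dport:
            continue
        return seq, action
    return None, "deny"  # implicit deny at the end of every ACL

if __name__ == "__main__":
    src = "198.51.100.7"  # constructed outside source address
    for dst, flags in [("1.1.5.5", {"ACK"}), ("1.1.0.9", {"SYN"}), ("1.1.5.5", {"SYN"})]:
        print(dst, sorted(flags), first_match("tcp", src, dst, flags))
```

In this model a SYN to 1.1.0.9 stops at entry 310, while a SYN to 1.1.5.5 falls through to entry 350, because the wildcard 0.0.0.255 on entries 310 and 320 covers only the first 256 addresses of each range.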