Okay, so we're speaking the same language.
Regards,
Jay McMickle- CCIE #35355 (R&S)
Sent from iJay
On Jul 11, 2012, at 8:18 AM, Ryan West <rwest_at_zyedge.com> wrote:
> Proxy ACL is the same as interesting traffic ACL. Depending on which platform you use, you'll see references to proxy ACLs and proxy id mismatches. Netscreen is a vendor that comes to mind. Named or not standard ACL means source only to me, which is why I asked about the interesting traffic ACL.
>
> Sent from handheld
>
> On Jul 11, 2012, at 9:09 AM, "Jay McMickle" <jay.mcmickle_at_yahoo.com> wrote:
>
>> I meant standard. What is a proxy ACL? I thought that was just a named ACL, but are you implying that it has a meaning and applied differently?
>>
>> School me, please.
>>
>> Regards,
>> Jay McMickle- CCIE #35355 (R&S)
>> Sent from iJay
>>
>> On Jul 11, 2012, at 7:56 AM, Ryan West <rwest_at_zyedge.com> wrote:
>>
>>> Jay,
>>>
>>> What do you mean by standard ACL. Is that in the context of a proxy acl, or just in general.
>>>
>>> Sent from handheld
>>>
>>> On Jul 11, 2012, at 7:11 AM, "Jay McMickle" <jay.mcmickle_at_yahoo.com> wrote:
>>>
>>>> I'll have to lab this up. Why is it that a standard IP ACL picks up ICMP even though it's not specified?
>>>>
>>>> He has since updated and stated that he was only using ICMP as an example, but I'm still interested in the ICMP portion. Lab time.
>>>>
>>>> Thanks, Brian.
>>>>
>>>> Regards,
>>>> Jay McMickle- CCIE #35355 (R&S)
>>>> Sent from iJay
>>>>
>>>> On Jul 10, 2012, at 9:38 PM, Brian McGahan <bmcgahan_at_ine.com> wrote:
>>>>
>>>>> In your proxy ACL you just need to specify only ICMP traffic, e.g. access-list PROXY_ACL permit icmp 172.16.1.0 255.255.255.0 172.16.2.0 255.255.255.0.
>>>>>
>>>>> Some cases will not work with the proxy ACL if you get too specific, but just using ICMP for the classifier should be fine.
>>>>>
>>>>>
>>>>> HTH,
>>>>>
>>>>> Brian McGahan, CCIE #8593 (R&S/SP/Security)
>>>>> bmcgahan_at_INE.com
>>>>>
>>>>> Internetwork Expert, Inc.
>>>>> http://www.INE.com
>>>>>
>>>>>
>>>>> -----Original Message-----
>>>>> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of amin
>>>>> Sent: Saturday, July 07, 2012 6:18 AM
>>>>> To: ccielab_at_groupstudy.com
>>>>> Subject: Site2site between ASAs
>>>>>
>>>>> Hi experts,
>>>>>
>>>>> Site2site VPN between two ASAs, let us assume I want to encrypt the ICMP, and leave the two LANs traffic between the two site unencrypted.
>>>>>
>>>>> LAN 1 172.16.1.1/24, LAN 2 172.16.2.0/24 == ICMP encrypted
>>>>>
>>>>> LAN 1 172.16.1.1/24, LAN 2 172.16.2.0/24 == Other traffic unencrypted
>>>>>
>>>>>
>>>>>
>>>>> Regards,
>>>>>
>>>>> Amin
>>>>>
>>>>>
>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>
>>>>> _______________________________________________________________________
>>>>> Subscription information may be found at:
>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>>
>>>>>
>>>>> Blogs and organic groups at http://www.ccie.net
>>>>>
>>>>> _______________________________________________________________________
>>>>> Subscription information may be found at:
>>>>> http://www.groupstudy.com/list/CCIELab.html
>>>>
>>>>
>>>> Blogs and organic groups at http://www.ccie.net
>>>>
>>>> _______________________________________________________________________
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Wed Jul 11 2012 - 08:27:40 ART
This archive was generated by hypermail 2.2.0 : Wed Aug 01 2012 - 15:55:23 ART