Hi guys,
In your opinion.. if I'm asked to permit all IP traffic **FOR** router R1..
is it different from permitting all IP traffic **TO** router R1?
If there is a difference I would go for:
access-list 100 permit ip any any --> for first case.. **FOR**
access-list 100 permit ip any x.x.x.x x.x.x.x (where x.x.x.x is subnets
owned by R1) --> second case... *** TO ***
Does this make sense or not at all?
Question 2:
If I'm asked to deny all ICMP unreachable messages, what would you do?
There are 5 unreachable options using ICMP messages..
According to my test, 'unreachable' should be good enough.. or at least it is
the only one that matches my ACL..
Extended IP access list 190
10 deny icmp any any port-unreachable log
20 deny icmp any any protocol-unreachable log
25 deny icmp any any net-unreachable
30 deny icmp any any unreachable log (6 matches)
40 deny icmp any any host-unreachable log
50 permit ip any any (24 matches)
Thanks in advance for your support.
-- @ccie99999
Blogs and organic groups at http://www.ccie.net
Received on Sun Sep 09 2012 - 07:13:34 ART
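Added example, not part of the original post: a small Python model of first-match evaluation over the ICMP entries of ACL 190 as listed in the message, showing which entry takes the hit for a given ICMP type and code. It assumes the standard ICMP type 3 code values (net 0, host 1, protocol 2, port 3) and that the `unreachable` keyword matches type 3 with any code; the function names are illustrative.

```python
# Added example: first-match model of the ICMP entries in ACL 190 as posted.
# Assumption: standard ICMP type 3 codes; "unreachable" = type 3, any code.
KEYWORDS = {  # keyword -> (icmp_type, icmp_code); None means any code
    "net-unreachable": (3, 0),
    "host-unreachable": (3, 1),
    "protocol-unreachable": (3, 2),
    "port-unreachable": (3, 3),
    "unreachable": (3, None),
}

# (sequence, action, keyword); keyword None stands for "permit ip any any"
ACL_190 = [
    (10, "deny", "port-unreachable"),
    (20, "deny", "protocol-unreachable"),
    (25, "deny", "net-unreachable"),
    (30, "deny", "unreachable"),
    (40, "deny", "host-unreachable"),
    (50, "permit", None),
]

def first_match(acl, icmp_type, icmp_code):
    """Return (sequence, action) of the first entry matching an ICMP packet."""
    for seq, action, keyword in acl:
        if keyword is None:
            return seq, action
        want_type, want_code = KEYWORDS[keyword]
        if icmp_type == want_type and want_code in (None, icmp_code):
            return seq, action
    return None, "deny"  # implicit deny at the end of every ACL

def shadowed_entries(acl):
    """Sequences of ICMP entries that an earlier entry always matches first."""
    shadowed = []
    for seq, _, keyword in acl:
        if keyword is None:
            continue
        want_type, want_code = KEYWORDS[keyword]
        codes = range(256) if want_code is None else [want_code]
        if all(first_match(acl, want_type, c)[0] != seq for c in codes):
            shadowed.append(seq)
    return shadowed

def hit_counts(acl, packets):
    """Per-entry match counters for a list of (icmp_type, icmp_code) packets."""
    counts = {}
    for icmp_type, icmp_code in packets:
        seq, _ = first_match(acl, icmp_type, icmp_code)
        counts[seq] = counts.get(seq, 0) + 1
    return counts
```

In this model, moving entry 40 ahead of entry 30 leaves no shadowed entries, while the broad `unreachable` entry on its own still denies every type 3 code.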