IP is a superset, which includes GRE, TCP, IP, and several others.
Easiest way to verify is by creating an ACL on a device. Configure the first line as permit IP any any, and follow with permits for any of the others - TCP, UDP, GRE, etc. You should only see counters increase on the IP any any line, as that would match them first. Marvin Greenlee, CCIE #12237 (R&S, SP, Sec) Senior Technical Instructor - IPexpert, Inc. Telephone: +1.810.326.1444 Fax: +1.810.454.0130 Mailto: [EMAIL PROTECTED] Join our free online support and peer group communities: http://www.IPexpert.com/communities IPexpert - The Global Leader in Self-Study, Classroom-Based, Video On Demand and Audio Certification Training Tools for the Cisco CCIE R&S Lab, CCIE Security Lab, CCIE Service Provider Lab, CCIE Voice Lab and CCIE Storage Lab Certifications. _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thotsapol Luengwattanaphong Sent: Sunday, June 01, 2008 4:49 AM To: OSL CCIE Routing and Switching Lab Exam Cc: [EMAIL PROTECTED] Subject: Re: [OSL | CCIE_RS] Access-List on ASA Matt, Do we have to allow both protocols? If I want to let GRE packets passthrough the ASA Thanks Thot > Date: Sun, 1 Jun 2008 18:11:51 +0930 > From: [EMAIL PROTECTED] > To: [email protected] > CC: [EMAIL PROTECTED] > Subject: Re: [OSL | CCIE_RS] Access-List on ASA > > GRE is IP Protocol number 47. > TCP is 6 > etc etc > > Cheers, > Matt > > 2008/6/1 Thotsapol Luengwattanaphong <[EMAIL PROTECTED]>: > > Seems GRE has its own protocal number. So you have to allow GRE as well as > > IP just in case. > > Mavin,please correct me if I'm wrong > > > > Thot > > > > > > ________________________________ > > From: [EMAIL PROTECTED] > > To: [email protected]; [EMAIL PROTECTED] > > Date: Sat, 31 May 2008 16:36:42 -0400 > > Subject: Re: [OSL | CCIE_RS] Access-List on ASA > > > > IP is a superset, which includes TCP, UDP, GRE, and other protocols. > > > > > > > > IP can be used for either ASA or IOS ACLs. > > > > > > > > Marvin Greenlee, CCIE #12237 (R&S, SP, Sec) > > Senior Technical Instructor - IPexpert, Inc. > > Telephone: +1.810.326.1444 > > Fax: +1.810.454.0130 > > > > Mailto: [EMAIL PROTECTED] > > > > > > > > Join our free online support and peer group communities: > > http://www.IPexpert.com/communities > > > > > > > > IPexpert - The Global Leader in Self-Study, Classroom-Based, Video On Demand > > and Audio Certification Training Tools for the Cisco CCIE R&S Lab, CCIE > > Security Lab, CCIE Service Provider Lab, CCIE Voice Lab and CCIE Storage Lab > > Certifications. > > > > ________________________________ > > > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of ZEESHAN SANAULLAH > > Sent: Saturday, May 31, 2008 4:10 PM > > To: [email protected]; [EMAIL PROTECTED] > > Subject: [OSL | CCIE_RS] Access-List on ASA > > > > > > > > Dear All , > > > > > > When using acls on ASA , when we use protocol IP ... does this also include > > TCP or UDP ... or we have to use TCP acls or UDP acls.. > > > > > > for example permit ip host a.b.c.d host x.y.w.z > > > > does this also include tcp and udp > > > > or we have to use all there protocols to allow full access > > > > > > and what IOS Acls > > > > thanx > > > > > > > > ________________________________ > > > > Change the world with e-mail. Join the i'm Initiative from Microsoft. > > > > ________________________________ > > Give to a good cause with every e-mail. Join the i'm Initiative from > > Microsoft. _____ Keep your kids safer online with Windows Live Family Safety. Help protect your kids. <http://www.windowslive.com/family_safety/overview.html?ocid=TXT_TAGLM_WL_Re fresh_family_safety_052008>
