Hi,

This comes up occasionally.  I don't understand why access lists are not put in place 
to allow you to ping out but not allow "echo reply" from your site.  Also, why not 
allow sessions you have established?  i.e. access-list ## permit ip any any established 
or similar.

Often the reason for doing this is to cut down on WAN charges.  The best way to avoid 
these is the use of local proxies and to force all to use the proxy via an access list.  

Ping and Telnet do not usually cause a problem.  Ping attacks are a fear; shutting down 
services not initiated by yourself can overcome these issues.

I have found the use of ping highly desirable, if not necessary, when troubleshooting 
WAN and WEB problems.  The problems have ranged from incorrect default gateway settings 
to Telco failures.  A number of products also use ping packets to do trace routes, so 
your management could indeed be creating a lot of hassle for themselves.

I often Telnet to sockets when testing remote sites, for example to port 25 to test a 
mail problem or port 80 to check a WEB server is up.  This often verifies DNS, 
addressing and server setup issues.  This is valid testing when looking at computer 
communications.


Hope this helps

Teunis,
Hobart, Tasmania
Australia

On Wednesday, January 03, 2001 at 02:53:31 PM, A.Strobel wrote:

> Working for an enterprise has its disadvantages. Based on the new policy, now
> I (network engineer) am unable to ping the outside world nor telnet to the
> outside world.
> 
> Although my main job is taking care of Cisco gear inside the enterprise, I
> hate the fact that someone with a half brain sitting at a proxy server
> dictates to me what I can do and what I cannot do.
> 
> I might have a chance in removing these restrictions if I can justify that I
> need to ping or telnet the outside world.
> Can you guys think of any justification?
> 
> TIA,
> A. Strobel
>
> ____________________________________________________________________
> Get free email and a permanent address at http://www.amexmail.com/?A=1
> 
> _________________________________
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> 
> 


--
www.tasmail.com
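
An added example, not part of the original message or thread: a Cisco IOS extended access list sketching the policy the reply describes (ping out works, pings from outside are dropped, return traffic for sessions opened from inside is allowed). The ACL number 101 and the interface name Serial0 are assumptions; the `established` keyword is only accepted on `tcp` entries, so it appears on a `tcp` line here.

```cisco
! Added example: ACL number 101 and interface Serial0 are assumptions.
! The list is applied inbound on the WAN-facing interface, so it
! filters traffic arriving from outside.
!
! Replies to pings that were sent from inside
access-list 101 permit icmp any any echo-reply
! ICMP errors that traceroute and path MTU discovery depend on
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
! Pings originating outside are dropped and logged
access-list 101 deny icmp any any echo log
! Return packets of TCP sessions opened from inside (ACK or RST set)
access-list 101 permit tcp any any established
! Everything else is dropped; written explicitly so matches are logged
access-list 101 deny ip any any log
!
interface Serial0
 ip access-group 101 in
```

A stateless list like this also drops UDP replies such as DNS answers unless a permit line is added for them, which fits a design where only the local proxy talks to the outside.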

