RE: ACL Gurus [7:27361]

2001-11-26 Thread Matthew Tayler
Ok I am a little confused here, but 1. What does access-list 101 actually deny ? 2. If you permit all ip are you not also allowing all tcp & udp ? Matt T Jeff wrote: > > Looking to block icmp-echo on my external router... just want > to doublecheck > that I'm putting these on the right interfac

Re: ACL Gurus [7:27361]

2001-11-26 Thread Gaz
My view/guestimation only here, so anyone is welcome to pick holes in it: I would apply 101 (the outgoing access list to the ethernet port). May as well drop the rubbish before the router processes it. I would also make it: access-list 101 permit icmp x.x.54.0 0.0.1.255 any echo (equivalent to

RE: ACL Gurus [7:27361]

2001-11-26 Thread Scott Nawalaniec
at about udp and tcp protocols? The implicit deny would drop all protocols at the end. Scott -Original Message- From: Gaz [mailto:[EMAIL PROTECTED]] Sent: Monday, November 26, 2001 3:56 PM To: [EMAIL PROTECTED] Subject: Re: ACL Gurus [7:27361] My view/guestimation only here, so anyone is w

RE: ACL Gurus [7:27361]

2001-11-26 Thread [EMAIL PROTECTED]
rwarded by Jenny Mcleod/NSO/CSDA on 27/11/2001 02:09 pm - "Scott Nawalaniec" To: [EMAIL PROTECTED] Subject: RE: ACL Gurus [7:2736

RE: ACL Gurus [7:27361]

2001-11-26 Thread Kent Hundley
herwise all ICMP packets would be permitted by the next acl entry "permit ip any any". -Kent -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Scott Nawalaniec Sent: Monday, November 26, 2001 4:30 PM To: [EMAIL PROTECTED] Subject: RE: ACL Gurus [7:27

RE: ACL Gurus [7:27361]

2001-11-27 Thread Scott Nawalaniec
PM To: [EMAIL PROTECTED] Subject: RE: ACL Gurus [7:27361] TCP, UDP, ICMP and any other IP protocols all require IP to perform layer 3 related functions. In fact, any application, session, transport or other layer software that is part of the TCP/IP suite uses IP for its layer 3 functions. They ar

RE: ACL Gurus [7:27361]

2001-11-27 Thread Scott Nawalaniec
Thanx for the info and the verification. Scott -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, November 26, 2001 7:25 PM To: [EMAIL PROTECTED] Subject: RE: ACL Gurus [7:27361] "My understanding is ICMP is not a subset of IP or anything wi

RE: ACL Gurus [7:27361]

2001-12-07 Thread Scott Nawalaniec
gging: level debugging, 727 message lines logged Logging to X.X.X.X, 727 message lines logged HTH, Scott -Original Message- From: anil [mailto:[EMAIL PROTECTED]] Sent: Friday, December 07, 2001 12:58 PM To: Scott Nawalaniec Subject: RE: ACL Gurus [7:27361] Scott, If I add an access

Re: ACL Gurus [7:27361]

2001-12-07 Thread Philip Palanchi
ges logged > Buffer logging: disabled > Trap logging: level debugging, 727 message lines logged > Logging to X.X.X.X, 727 message lines logged > > HTH, > > Scott > > -Original Message- > From: anil [mailto:[EMAIL PROTECTED]] > Sent: Friday, D