Re: Why does IOS only allow ICMP granularity on "destination" [7:42601] posted 04/25/2002
- From: "Gaz" <Gaz@xxxxxxxxxxxxxxx>
- Date: Thu, 25 Apr 2002 18:04:18 -0400
I don't think you will see the source as echo reply. By that, I mean that
the echo reply will only be evident in the destination. The source could be

Remember, ICMP is the odd protocol, which has to be allowed both ways through
a firewall, because the reply is a totally separate session.

If you telnet from A to B, the destination port is 23. In the reply from B
to A, the 'source' port is 23.

If you use ping, though, for example, from A to B, the destination will be
echo. In the reply from B to A, the source will not be 'echo'; it could be
anything. The important part will be the destination port which is

Hope I haven't confused. Hope even more that I haven't erred.

"Anthony Pace" wrote in message
> for instance:
> access-list 101 permit icmp any host 126.96.36.199 echo
> access-list 101 permit icmp host 188.8.131.52 any echo-reply
> but not
> access-list 101 permit icmp any echo-reply any
> Anthony Pace
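
An added illustration, not part of the original post or the list archive: a Python sketch that builds an echo and an echo-reply message, parses the single ICMP type field each one carries, and runs both through a two-entry stateless filter shaped like the ACL quoted in the thread. The addresses, the `ACL` table and the `acl_permits` helper are constructed for this example, and the filter is assumed to see traffic in both directions.

```python
import ipaddress
import struct

ECHO_REPLY, ECHO_REQUEST = 0, 8          # ICMP type values from RFC 792

def icmp_checksum(data: bytes) -> int:
    """Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes = b"ping") -> bytes:
    """Build an echo or echo-reply: type, code, checksum, identifier, sequence."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def parse_icmp(msg: bytes) -> dict:
    """Parse the 8-byte echo header; there are no port fields to read."""
    if len(msg) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", msg[:8])
    return {"type": icmp_type, "code": code, "id": ident, "seq": seq,
            "checksum_ok": icmp_checksum(msg) == 0}

# Constructed addresses from the documentation ranges (not the thread's hosts).
ANY = ipaddress.ip_network("0.0.0.0/0")
HOST_A = ipaddress.ip_address("192.0.2.10")
HOST_B = ipaddress.ip_address("198.51.100.20")
B_ONLY = ipaddress.ip_network("198.51.100.20/32")

# Hypothetical filter table: (source, destination, ICMP type), in ACL order.
ACL = [
    (ANY, B_ONLY, ECHO_REQUEST),   # permit icmp any host B echo
    (B_ONLY, ANY, ECHO_REPLY),     # permit icmp host B any echo-reply
]

def acl_permits(src, dst, msg: bytes) -> bool:
    """Stateless match on source, destination and message type; implicit deny."""
    icmp_type = parse_icmp(msg)["type"]
    return any(src in s and dst in d and icmp_type == t for s, d, t in ACL)

if __name__ == "__main__":
    request = build_echo(ECHO_REQUEST, 0x1234, 1)
    reply = build_echo(ECHO_REPLY, 0x1234, 1)
    print("A -> B echo       :", acl_permits(HOST_A, HOST_B, request))
    print("B -> A echo-reply :", acl_permits(HOST_B, HOST_A, reply))
    print("B -> A echo       :", acl_permits(HOST_B, HOST_A, request))
```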