GroupStudy.com - A virtual community of network engineers
Re: Why does IOS only allow ICMP granularity on "destination" [7:42601] posted 04/25/2002


I don't think you will see the source as echo reply. By that, I mean that
the echo reply will only be evident in the destination. The source could be
any port.
Remember ICMP is the odd protocol, which has to be allowed both ways through
a firewall, because the reply is a totally separate session.

If you telnet from A to B, the destination port is 23. In the reply from B
to A, the 'source' port is 23.
If you use ping though, for example, from A to B, the destination will be
echo. In the reply from B to A, the source will not be 'echo'; it could be
anything. The important part will be the destination port, which is
'echo-reply'.


Hope I haven't confused. Hope even more that I haven't erred.


Gaz


"Anthony Pace" wrote in message
news:200204252037.QAA19835@xxxxxxxxxxxxxxxxx
> for instance :
>
> access-list 101 permit icmp any host 207.122.1.5 echo
> access-list 101 permit icmp host 207.122.2.3 any echo-reply
>
> but not
>
> access-list 101 permit icmp any echo-reply any
>
> Anthony Pace




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42601&t=42601
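
The following is an added example, not part of the original thread and not Cisco code: a minimal Python model of how the two quoted entries are evaluated, with the ICMP type read from the message header after both addresses have been matched. The client address 192.0.2.10, the helper names and the simplified grammar (only `any` and `host`) are assumptions made for the illustration.

```python
import ipaddress
import struct

# ICMP type numbers behind the two IOS keywords used in the thread (RFC 792).
ICMP_TYPES = {"echo": 8, "echo-reply": 0}

def parse_addr(tokens):
    """Consume one address spec: 'any' or 'host A.B.C.D' (wildcard form omitted)."""
    kind = tokens.pop(0) if tokens else ""
    if kind == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if kind == "host" and tokens:
        return ipaddress.ip_network(tokens.pop(0))
    raise ValueError(f"expected an address spec, got {kind!r}")

def parse_ace(line):
    """Parse 'access-list N permit|deny icmp SRC DST [icmp-type]'."""
    t = line.split()
    if len(t) < 4 or t[0] != "access-list" or t[3] != "icmp":
        raise ValueError("not an extended ICMP entry")
    rest = t[4:]
    src, dst = parse_addr(rest), parse_addr(rest)
    # The type keyword follows both addresses: it describes the message
    # itself, not either endpoint.
    if rest and rest[0] not in ICMP_TYPES:
        raise ValueError(f"unknown ICMP type keyword {rest[0]!r}")
    icmp_type = ICMP_TYPES[rest[0]] if rest else None
    return {"action": t[2], "src": src, "dst": dst, "type": icmp_type}

def icmp_header(icmp_type, ident=1, seq=1):
    """Build an 8-byte ICMP echo header; checksum left at 0 for this sketch."""
    return struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)

def first_match(acl, src, dst, icmp):
    """Return the action of the first matching entry, else the implicit deny."""
    msg_type = icmp[0]  # one type byte at offset 0; the header has no port fields
    for ace in acl:
        if (ipaddress.ip_address(src) in ace["src"]
                and ipaddress.ip_address(dst) in ace["dst"]
                and ace["type"] in (None, msg_type)):
            return ace["action"]
    return "deny"

# The two entries quoted in the thread.
ACL = [parse_ace(entry) for entry in (
    "access-list 101 permit icmp any host 207.122.1.5 echo",
    "access-list 101 permit icmp host 207.122.2.3 any echo-reply",
)]
```

Passing the third quoted form, `access-list 101 permit icmp any echo-reply any`, to `parse_ace` raises `ValueError`, because the position after the source is parsed as the destination address.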