Have a look on _source_ IP-address that your packets are generated with :))) Yes, you are right, you must check a source IPs in such situation (if traffic is generated inside the router). Do you have console whether telnet-connection to the router? Btw, my words touch _any_ network device, not Cisco's one.
Hi,
Ñ ÂÒÅÖÕ?! -
FastEthernet3/0/0 is up, line protocol is up Internet address is A.A.A.A/24 [ ... ] Outgoing access list is fw-out
#sh ip access-lists fw-out Extended IP access list fw-out permit icmp host A.A.A.A any log permit ip any any
ÐÏÐÙÔËÁ ÔÒÅÊÓÒÁÕÔÉÔØ Ó ÜÔÏÇÏ ÍÁÒÛÒÕÔÉÚÁÔÏÒÁ ÎÁ ×ÎÅÛÎÉÊ ÍÉÒ ÎÉËÁË ÎÅ ÏÔÒÁÖÁÅÔÓÑ ÎÉ × matches ËÏÍÁÎÄÙ show, ÎÉ × ÌÏÇÁÈ. üÔÏ ËÁÓÁÅÔÓÑ ×ÓÑËÏÇÏ ÔÒÁÆÉËÁ, ÐÏÒÏÖÄÅÎÎÏÇÏ _×ÎÕÔÒÉ_ ÍÁÒÛÒÕÔÉÚÁÔÏÒÁ? óÏÂÓÔ×ÅÎÎÏ, ÎÁÞÁÌÏÓØ ×ÓÅ Ó ÐÏÐÙÔËÉ ÎÁÓÔÒÏÉÔØ ÒÅÆÌÅËÓÉ×ÎÙÊ ACL... ÞÔÏ-ÔÏ Õ ÍÅÎÑ × ÇÏÌÏ×Å ËÒÕÔÉÔÓÑ ËÁËÏÅ-ÔÏ ×ÏÓÐÏÍÉÎÁÎÉÅ Ï ÔÏÍ, ÞÔÏ ÔÁËÏÊ ÔÒÁÆÉË ÏÂÒÁÂÁÔÙ×ÁÅÔÓÑ Ó ÏÓÏÂÅÎÎÏÓÔÑÍÉ, ÎÏ ÎÅ ÎÁÓÔÏÌØËÏ ÖÅ, ÞÔÏÂÙ × outgoing access-list'ÁÈ ÎÅ ÍÁÔÞÉÔØÓÑ! :)
ìÁÄÎÏ, ÉÄÅÍ ÄÁÌØÛÅ... ÷ÓÑËÏ ÂÙ×ÁÅÔ - ÏÔËÌÀÞÉÌ CEF. Same shit, different day... óÍÅÈÁ ÒÁÄÉ ÓÍÅÎÉÌ permit icmp ÎÁ deny icmp - ÎÉ ÆÉÇÁ ÎÅ ÄÅÎÁÉÔÓÑ, ÔÒÅÊÓ ÒÁÂÏÔÁÅÔ. 75-Ñ ÐÌÁÔÆÏÒÍÁ, 12.0(29)S.
Any comments?
óÐÁÓÉÂÏ.
/doka
=================================================================== uanog mailing list. To Unsubscribe: send mail to majordomo@uanog.kiev.ua with "unsubscribe uanog" in the body of the message
-- Regards, Oleh Hrynchuk Mobile: +380675025446 E-mail: oleh@nextra.cz =================================================================== uanog mailing list. To Unsubscribe: send mail to majordomo@uanog.kiev.ua with "unsubscribe uanog" in the body of the message