Hi,
I have an interesting issue. On a 7200 router I have applied an extended access list with permit and deny of tcp, udp, and ip. The question I have is as ip and icmp are both network protocols do I have to implicitly deny icmp or is it sufficient to have deny ip any any.
TIA.
Jack.
Hi Jack,
ip is the container for icmp, udp & tcp.
Cheers................pk.
Yes, you could permit icmp, and deny IP, and icmp would be allowed through. But if you denied IP first, icmp would be nixed. I think (based on your question), that you want to deny icmp, therefore deny ip any any should take care of it provided you aren't allowing it through higher up on the list.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.