: ping , access-list permit ip any any

Does "access-list permit ip any any" permit ping ? or I have to issue : "ping icmp any any" ?

Because as far as I remember (right now I do not any router handy) when i had configured a router long time ago, I used to use: permit ip any any

Any comment will be appreciated.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

MrD

permit ip any any permits everything

Check out this whitepaper:

http://www.cisco.com/warp/public/105/acl_wp.html

zillah

Thanks for this insight

permit ip any any permits everything

This is what I believe also, but I was not able to locate any online document.

I will got through what you have posted.

1- Could you please tell me what everything does it mean ?

2- Does the same thing apply to a PIX firewall (this is the reason for my thread ) ?

MrD

"access-list 101 permit ip any any" means:

permit protocol ip from any to any

It means the same thing on the PIX, but firewalls work differently than routers. Firewalls are closed by default while routers are open. You must also take security levels into account as well as NATing when working on PIX's. The following has some great information on it:

http://www.cisco.com/warp/public/707/28.html#intro

zillah

permit protocol ip from any to any

Thanks.

I am aware of this part of ACL : from any source address to any destination address, but my question is : as we know that icmp means ping.

What about ip protocol ?, answer will be, it includes icmp, what other protocol apart of icmp does it include ?

rossonieri#1

mrD :

"access-list 101 permit ip any any" means:

permit protocol ip from any to any

i dont think that is a correct answer for the issue.

zillah is correct - we know that.

but other than the fact that permit ip can permit ping is that the only protocol for any modern networked computer to communicate is to use IP as carrier protocol for the upper layer protocol.

ICMP itself can be anything from echo/ping - destination unreach - redirect etc..

cheers.[/quote]