ping, access-list permit ip any any

zillah Member Posts: 42
Does "access-list permit ip any any" permit ping? Or do I have to issue: "ping icmp any any"?

Because as far as I remember (right now I do not have any router handy), when I configured a router a long time ago, I used to use: permit ip any any

Any comment will be appreciated.

Comments

  • MrD Member Posts: 441
    permit ip any any permits everything

    Check out this whitepaper:

    http://www.cisco.com/warp/public/105/acl_wp.html
  • zillah Member Posts: 42
    Thanks for this insight
    permit ip any any permits everything
    This is what I believe also, but I was not able to locate any online document.

    I will go through what you have posted.

    1- Could you please tell me what "everything" means?

    2- Does the same thing apply to a PIX firewall (this is the reason for my thread)?
  • MrD Member Posts: 441
    "access-list 101 permit ip any any" means:

    permit protocol ip from any to any

    It means the same thing on the PIX, but firewalls work differently than routers. Firewalls are closed by default while routers are open. You must also take security levels into account as well as NATing when working on PIX's. The following has some great information on it:


    http://www.cisco.com/warp/public/707/28.html#intro
  • zillah Member Posts: 42
    permit protocol ip from any to any

    Thanks.

    I am aware of this part of the ACL: from any source address to any destination address, but my question is: as we know that icmp means ping.

    What about the ip protocol? The answer will be that it includes icmp; what other protocols apart from icmp does it include?
  • rossonieri#1 Member Posts: 799
    MrD:

    "access-list 101 permit ip any any" means:

    permit protocol ip from any to any

    :)

    I don't think that is a correct answer for the issue.

    zillah is correct - we know that.

    But other than the fact that permit ip can permit ping, the only way for any modern networked computer to communicate is to use IP as the carrier protocol for the upper-layer protocols.

    ICMP itself can be anything from echo/ping to destination unreach, redirect, etc.

    cheers.
    The more I know, the more and more I don't know.
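
The protocol matching discussed in this thread, as an added example that is not part of any poster's reply: a small Python model of first-match evaluation for IOS-style extended ACL lines. It assumes router ACL semantics only (no PIX security levels or NAT), supports only "any any" as source and destination, and uses constructed ACL numbers 101-103.

```python
# Added illustration (not from the thread): first-match evaluation of
# IOS-style extended ACL lines, limited to "any any" for brevity.
# Keyword -> IANA IP protocol number, for a few keywords IOS accepts.
IP_PROTO = {"icmp": 1, "tcp": 6, "udp": 17, "gre": 47, "esp": 50, "ospf": 89}

def parse_acl(text):
    """Parse 'access-list <n> permit|deny <proto> any any' lines."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if (len(tok) != 6 or tok[0] != "access-list"
                or tok[2] not in ("permit", "deny")
                or tok[4:] != ["any", "any"]
                or (tok[3] != "ip" and tok[3] not in IP_PROTO)):
            raise ValueError(f"unsupported ACL line: {line!r}")
        rules.append((tok[2], tok[3]))
    return rules

def evaluate(rules, proto_number):
    """Return the action of the first matching rule, else the implicit deny."""
    for action, proto in rules:
        # 'ip' matches every IP protocol number; a named protocol only its own.
        if proto == "ip" or IP_PROTO[proto] == proto_number:
            return action
    return "deny"  # every IOS ACL ends with an implicit deny

# Constructed sample ACLs (numbers 101-103 are arbitrary).
ACL_ALL = "access-list 101 permit ip any any"
ACL_ICMP_ONLY = "access-list 102 permit icmp any any"
ACL_NO_ICMP = """
access-list 103 deny icmp any any
access-list 103 permit ip any any
"""

def summarize(acl_text):
    """Map each known protocol keyword to the ACL's verdict for it."""
    rules = parse_acl(acl_text)
    return {name: evaluate(rules, num) for name, num in IP_PROTO.items()}

if __name__ == "__main__":
    for label, acl in [("101", ACL_ALL), ("102", ACL_ICMP_ONLY),
                       ("103", ACL_NO_ICMP)]:
        print(label, summarize(acl))
```

ACL 103 shows why rule order matters: the earlier `deny icmp` wins over the later `permit ip`, and it drops every ICMP message type, not only echo.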