[c-nsp] cannot ping MLPPP local IP address
Zhao, Wenmei (Sarah)
zhaow at alcatel-lucent.com
Tue Aug 28 09:46:09 EDT 2007
Hi Gert,
That explains. The Cisco doesn't have anti-spoofing configured,
but I think the other end does.
Thanks a lot!
Regards,
Sarah Zhao
http://www.geocities.com/redoakland/
-----Original Message-----
From: Gert Doering [mailto:gert at greenie.muc.de]
Sent: Tuesday, August 28, 2007 3:33 AM
To: Zhao, Wenmei (Sarah)
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] cannot ping MLPPP local IP address
Hi,
On Fri, Aug 24, 2007 at 02:14:56PM -0500, Zhao, Wenmei (Sarah) wrote:
> I have a MultiLinkPPP session up. Everything is working,
> traffic is flowing and I am able to ping the remote side of the link,
If you have anti-spoofing filters (or uRPF) configured, this is
intentional.
Reason: on a self-ping, the router sends out the packet via the link
in question (you can use that to test the link), and when the packet
comes *back* from the other end, it fails the anti-spoofing test.
If you use uRPF, there is an "allow-self-ping" flag:
Cisco(config-if)#ip verify unicast source reachable-via rx ?
  <1-199>          IP access list (standard or extended)
  <1300-2699>      IP expanded access list (standard or extended)
  allow-default    Allow default route to match when checking source address
  allow-self-ping  Allow router to ping itself (opens vulnerability in verification)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany
gert at greenie.muc.de
fax: +49-89-35655025
gert at net.informatik.tu-muenchen.de
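
Added example (not part of the original messages, and not Cisco's implementation): a simplified Python model of the strict-mode uRPF decision described in the thread, showing why the returning self-ping is dropped and what allow-default and allow-self-ping change. The FIB entries, interface names and addresses are constructed, and the "receive" marker for the router's own address is an assumption of the model.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    out_if: str  # egress interface; "receive" marks the router's own address (model assumption)

def urpf_strict(fib, src, rx_if, allow_default=False, allow_self_ping=False):
    """Return (permit, reason) for a packet with source `src` received on `rx_if`."""
    addr = ipaddress.ip_address(src)
    matches = [r for r in fib if addr in r.prefix]
    if not matches:
        return False, "no route to source"
    best = max(matches, key=lambda r: r.prefix.prefixlen)  # longest-prefix match
    if best.out_if == "receive":
        # The returning self-ping carries the router's own address as source.
        # That address is local, not "reachable via rx", so the check fails.
        if allow_self_ping:
            # Passes for ANY packet with this source, not only the router's own ping.
            return True, "own address permitted by allow-self-ping"
        return False, "own address is not reachable via rx interface"
    if best.prefix.prefixlen == 0 and not allow_default:
        return False, "only the default route matches"
    if best.out_if != rx_if:
        return False, "source is reachable via a different interface"
    return True, "source is reachable via rx interface"

# Constructed FIB using documentation address ranges; names are hypothetical.
FIB = [
    Route(ipaddress.ip_network("192.0.2.1/32"), "receive"),       # local MLPPP address
    Route(ipaddress.ip_network("192.0.2.2/32"), "Multilink1"),    # remote end of the bundle
    Route(ipaddress.ip_network("198.51.100.0/24"), "GigabitEthernet0/0"),
    Route(ipaddress.ip_network("0.0.0.0/0"), "Multilink1"),
]

if __name__ == "__main__":
    cases = [
        ("192.0.2.1", {}),                          # self-ping coming back
        ("192.0.2.1", {"allow_self_ping": True}),
        ("192.0.2.2", {}),                          # ping from the remote side
        ("198.51.100.7", {}),                       # inside prefix seen on the link
        ("203.0.113.9", {}),                        # covered only by the default route
        ("203.0.113.9", {"allow_default": True}),
    ]
    for src, flags in cases:
        print(src, flags, urpf_strict(FIB, src, "Multilink1", **flags))
```

In this model allow-self-ping accepts the router's own source address on the interface no matter who sent the packet, which is the trade-off the IOS help text flags as opening a vulnerability in verification.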