[c-nsp] "dynamic" access-list
Scott Weeks
surfer at mauigateway.com
Sat Jun 11 20:26:56 EDT 2005
On Sun, 12 Jun 2005, Ueli Heuer wrote:
: On 6/11/05, Scott Weeks <surfer at mauigateway.com> wrote:
: > Did anyone get back to you on this?
: >
: > now I tried to ping the hosts from a 'wrong' IP-Address, to check if
: > the access list is working. I did not believe, the pings replied!
: >
: > There're no denies on the ACLs. Everything is allowed and that's why the
: > ping replies came back to you.
:
: You forgot there is not written `deny ip any any` at the end of every
: ip access-list this is not needed to write.
Doh! That'll teach me to try helping while beergoggled... 8-) Too bad
you made it public as I had sent it in private. I'll go hide in the
corner now...
scott
More information about the cisco-nsp
mailing list