[c-nsp] "dynamic" access-list
Ueli Heuer
papierkuebel at gmail.com
Sun Jun 12 06:12:21 EDT 2005
On 6/12/05, Scott Weeks <surfer at mauigateway.com> wrote:
>
> On Sun, 12 Jun 2005, Ueli Heuer wrote:
> : On 6/11/05, Scott Weeks <surfer at mauigateway.com> wrote:
>
> : > Did anyone get back to you on this?
> : >
> : > now I tried to ping the hosts from a 'wrong' IP-Address, to check if
> : > the access list is working. I did not believe, the pings replied!
> : >
> : > There're no denies on the ACLs. Everything is allowed and that's why the
> : > ping replies came back to you.
> :
> : You forgot there is not written `deny ip any any` at the end of every
> : ip access-list this is not needed to write.
>
>
> Doh! That'll teach me to try helping while beergoggled... 8-) Too bad
> you made it public as I had sent it in private. I'll go hide in the
> corner now...
oops sorry, maybe its not a good idea to answer mails after some
saturday evening beers
Ueli
More information about the cisco-nsp
mailing list