Re: [FW1] IP protocol 94



In the immortal words of Monty Burns......."Excellent..."

Jason

Ian Campbell wrote:
> 
> <<Anyway, with that said, a Cisco ACL command to allow this would look
> something like this:
> 
> "access-list 100 permit 94 host 1.2.3.4 host 5.6.7.8" , or whatever.
> Hope this helps!>>
> 
> It does, and that's exactly what I needed! Thanks Jason, you're a star!
> 
> Ian
> 
> -----Original Message-----
> From: Jason Witty [mailto:[email protected]]
> Sent: Friday, September 22, 2000 6:01 AM
> To: [email protected]
> Cc: Ian Campbell; [email protected]
> Subject: Re: [FW1] IP protocol 94
> 
> Expanding on this, <protocol> can be either a keyword like "tcp", "udp",
> "igmp", "icmp", etc. or an integer between 0-255, representing the IP
> protocol number.  For those interested, I list all of the IANA IP
> protocol number designations (and a whole lot of other info gathered
> from various RFCs and people) at
> http://www.wittys.com/files/all-ip-numbers.txt .  The IP protocols are
> listed at the very bottom of the page.
> 
> Anyway, with that said, a Cisco ACL command to allow this would look
> something like this:
> 
> "access-list 100 permit 94 host 1.2.3.4 host 5.6.7.8" , or whatever.
> Hope this helps!
> 
> Jason
> 
> [email protected] wrote:
> >
> > I've not tried this (don't use SR here) and you don't say what routers you're
> > using so I'll assume, but ciscos allow all manner of IP protocols to be passed
> > through access lists.
> >
> > In their terminology access lists are created like
> >
> >      access-list 100 <action> <protocol> <srcip> [srcport] <destip> [destport]
> >
> > so for a telnet session you might have
> >
> >      access-list 100 permit tcp host 1.2.3.4 host 5.6.7.8 eq telnet
> >
> > In this instance the protocol is TCP (IP protocol 6), but you can substitute tcp
> > for any valid IP protocol number.  Ports probably aren't valid here as they
> > refer specifically to TCP/UDP and not IP_P 94 - it'd be like looking for ports
> > on ICMP packets.
> >
> > The URL below is a pretty thorough desc. of access-list construction on Ciscos.
> >
> > http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/np1_r/1rprt2/1rip.htm#xtocid26908
> >
> > If it's not a cisco, then I don't know.  If I'm wrong, no doubt someone with
> > actual real experience of this will step forward :-)
> >
> > Regards
> >
> > [email protected] on 22/09/2000 07:57:33
> >
> > To:   [email protected]
> > cc:    (bcc: Simon Devlin/GB/ABNAMRO/NL)
> > Subject:  [FW1] IP protocol 94
> >
> > Hi Firewallers,
> >
> > I'm writing an inbound access-list for our Internet access router, and one
> > thing I need to worry about is allowing SR sessions through. Checkpoint's
> > web site and Phoneboy's site tell pretty much what's necessary to get site
> > topology updates and authentication going (and I was able to get these
> > working using the information given there).
> >
> > The trouble is that in order to allow the actual session through, I need to
> > allow what both Phoneboy and Checkpoint describe as 'Bi-directional IP
> > protocol 94', and I haven't got a clue as to what this is.
> >
> > What does this translate to in terms of TCP or UDP ports (or something else)
> > that I need to allow through the router to get the session working? Thanks
> > for any insight,
> >
> > Ian
> >
> >
> > ================================================================================
> >      To unsubscribe from this mailing list, please see the instructions at
> >                http://www.checkpoint.com/services/mailing.html
> > ================================================================================


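
Added example, not part of the original thread or any poster's code: a small Python linter for the `access-list <n> <action> <protocol> <src> [srcport] <dst> [destport]` form discussed above. It resolves the protocol field to an IP protocol number (keyword or integer 0-255) and flags port qualifiers on protocols that have no ports, such as 94. The function names are hypothetical, the keyword table is deliberately partial, and anything after the destination port (for example `log`) is ignored.

```python
import ipaddress

# Partial keyword map: only the keywords named in the thread, plus "ip" (any protocol).
PROTO_KEYWORDS = {"ip": None, "icmp": 1, "igmp": 2, "tcp": 6, "udp": 17}
PORT_OPERATORS = {"eq", "neq", "lt", "gt", "range"}
PORT_PROTOCOLS = {6, 17}  # only TCP and UDP headers carry port numbers


def _take_address(tokens, i):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D <wildcard>'; return the next index."""
    if tokens[i] == "any":
        return i + 1
    first = tokens[i + 1] if tokens[i] == "host" else tokens[i]
    ipaddress.IPv4Address(first)          # raises ValueError if malformed
    ipaddress.IPv4Address(tokens[i + 1])  # host address again, or the wildcard mask
    return i + 2


def _take_ports(tokens, i):
    """Consume an optional port qualifier; return (operator or None, next index)."""
    if i < len(tokens) and tokens[i] in PORT_OPERATORS:
        return tokens[i], i + (3 if tokens[i] == "range" else 2)
    return None, i


def lint_acl(line):
    """Return (IP protocol number or None, list of problems) for one ACL line."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        return None, ["not an 'access-list <n> permit|deny <protocol> ...' line"]
    word = tokens[3]
    if word in PROTO_KEYWORDS:
        proto = PROTO_KEYWORDS[word]
    elif word.isascii() and word.isdigit() and int(word) <= 255:
        proto = int(word)
    else:
        return None, [f"protocol '{word}' is neither a listed keyword nor 0-255"]
    try:
        i = _take_address(tokens, 4)
        src_op, i = _take_ports(tokens, i)
        i = _take_address(tokens, i)
        dst_op, i = _take_ports(tokens, i)
    except (ValueError, IndexError):
        return proto, ["source or destination address is missing or malformed"]
    if (src_op or dst_op) and proto not in PORT_PROTOCOLS:
        return proto, [f"port qualifier used with protocol '{word}', which has no ports"]
    return proto, []
```
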



 