Terry,

When you say, "Aren't these packets already covered by other lines in the configuration?," what lines of the configuration are you talking about?
FW-OUT->IN passes icmp echo but does not inspect it. FW-IN->OUT passes the echo-reply since it wasn't inspected on the way in. FW-IN->OUT also inspects ICMP echo as it leaves and the return should be allowed without specifying echo-reply in the FW-OUT->IN policy. Is this what you are speaking about?

Regards,

Brandon Carroll - CCIE #23837
Senior Technical Instructor - IPexpert

On Mar 14, 2010, at 5:28 PM, Terry Little (terlittl) wrote:

> s section calls out special treatment for the icmp packets. Aren’t thes
