I don't think you will see the source as echo reply. By that, I mean that the echo reply will only be evident in the destination. The source could be any port. Remember ICMP is the odd protocol, which has to be allowed both ways through a firewall, because the reply is a totally separate session.
If you telnet from A to B. The destination port is 23. In the reply from B to A 'source' port is 23. If you use ping though for example, from A to B. The destination will be echo. In the reply from B to A, the source will not be 'echo' it could be anything. The important part will be the destination port which is 'echo-reply'. Hope I haven't confused. Hope even more that I haven't errored. Gaz ""Anthony Pace"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > for instance : > > access-list 101 permit icmp any host 207.122.1.5 echo > access-list 101 permit icmp host 207.122.2.3 any echo-reply > > but not > > access-list 101 permit icmp any echo-reply any > > Anthony Pace Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=42601&t=42601 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
