Re: [FW1] IP protocol 94
I've not tried this (don't use SR here) and you don't say what routers you're using so I'll assume, but Ciscos allow all manner of IP protocols to be passed through access lists. In their terminology access lists are created like

    access-list 100 <action> <protocol> <srcip> [srcport] <destip> [destport]

so for a telnet session you might have

    access-list 100 permit tcp host 1.2.3.4 host 5.6.7.8 eq telnet

In this instance the protocol is TCP (IP protocol 6), but you can substitute tcp for any valid IP protocol number. Ports probably aren't valid here as they refer specifically to TCP/UDP and not IP_P 94 - it'd be like looking for ports on ICMP packets.

The URL below is a pretty thorough desc. of access-list construction on Ciscos.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/np1_r/1rprt2/1rip.htm#xtocid26908

If it's not a Cisco, then I don't know. If I'm wrong, no doubt someone with actual real experience of this will step forward :-)

Regards

[email protected] on 22/09/2000 07:57:33

To: [email protected]
cc: (bcc: Simon Devlin/GB/ABNAMRO/NL)
Subject: [FW1] IP protocol 94

Hi Firewallers,

I'm writing an inbound access-list for our Internet access router, and one thing I need to worry about is allowing SR sessions through. Checkpoint's web site and Phoneboy's site tell pretty much what's necessary to get site topology updates and authentication going (and I was able to get these working using the information given there).

The trouble is that in order to allow the actual session through, I need to allow what both Phoneboy and Checkpoint describe as 'Bi-directional IP protocol 94', and I haven't got a clue as to what this is. What does this translate to in terms of TCP or UDP ports (or something else) that I need to allow through the router to get the session working?

Thanks for any insight,
Ian

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
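The point made in the reply above (entries match on the IP protocol number, and a port qualifier only makes sense for TCP/UDP), as an added example that is not part of the original thread and is not Cisco code. It is a toy first-match evaluator covering only the "host A host B [eq PORT]" entry form; the addresses and list contents are constructed.

```python
# Added example: toy first-match evaluator for extended ACL entries.
# Not IOS itself; only the "host A host B [eq PORT]" form is modelled.
IP_PROTO = {"icmp": 1, "tcp": 6, "udp": 17}  # IANA protocol numbers
PORT_NAMES = {"telnet": 23}


def parse_entry(line):
    """Parse 'access-list N <action> <protocol> host S host D [eq PORT]'."""
    t = line.split()
    if len(t) not in (8, 10) or t[0] != "access-list":
        raise ValueError("unsupported entry: " + line)
    if t[2] not in ("permit", "deny") or t[4] != "host" or t[6] != "host":
        raise ValueError("unsupported entry: " + line)
    proto = IP_PROTO[t[3]] if t[3] in IP_PROTO else int(t[3])
    if not 0 <= proto <= 255:
        raise ValueError("IP protocol number must be 0-255")
    port = None
    if len(t) == 10:
        # Ports live in the TCP/UDP header, so they cannot qualify other protocols.
        if t[8] != "eq" or proto not in (6, 17):
            raise ValueError("port match not valid for protocol %d" % proto)
        port = PORT_NAMES[t[9]] if t[9] in PORT_NAMES else int(t[9])
    return {"action": t[2], "proto": proto, "src": t[5], "dst": t[7], "port": port}


def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry; no match is the implicit deny."""
    for e in acl:
        if (e["proto"], e["src"], e["dst"]) != (proto, src, dst):
            continue
        if e["port"] is not None and e["port"] != dport:
            continue
        return e["action"]
    return "deny"


CLIENT, GATEWAY = "192.0.2.10", "198.51.100.5"  # constructed addresses
TELNET_ONLY = [parse_entry(
    "access-list 100 permit tcp host %s host %s eq telnet" % (CLIENT, GATEWAY))]
WITH_94 = TELNET_ONLY + [parse_entry(
    "access-list 100 permit 94 host %s host %s" % (CLIENT, GATEWAY))]

if __name__ == "__main__":
    print(evaluate(TELNET_ONLY, 94, CLIENT, GATEWAY))   # protocol 94, no entry
    print(evaluate(WITH_94, 94, CLIENT, GATEWAY))       # matched by 'permit 94'
    print(evaluate(WITH_94, 94, GATEWAY, CLIENT))       # reverse needs its own entry
```

The last call shows why the requirement is described as bi-directional: wherever the return path is filtered, it needs its own protocol 94 entry.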