Most ACL rules reject packets(just drop them), can ACL's be made to return a reject instead?
I am running a 2516(ios 12.0(23)) and a 1750(ios 12.0(3)) and want to send back a reject packet for ident inquires instead of denying or just dropping the packets. These routers are in seperate sites and are the boundry between the internal networks and the Internet.
In short, No. ACLs have only a permit and deny function and will not nor cannot return a packet to it's source, unless this source is connected to this router directly, where in you you could implement PBR (Policy Based Routing) to redirect this packet to a New (determined by you) next-hop address. This would not rewrite the destination address to be your source so you'd need some type of software (Sniffer) to allow packets not destined to it to be accepted. ACLs, if denying traffic can send ICMP (Administratively prohibited, or other) back to the host saying that the packet got dropped as well.
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.