From: Bill Greenwood (billgreenwood@xxxxxxxxxxxxx)
Date: Sat Mar 16 2002 - 00:47:48 GMT-3
I can't seem to get reflective access-list to work. I've made the config
about as simple as possible. What am I missing?
!
ip access-list extended inboundfilters
evaluate tcptraffic
ip access-list extended outboundfilters
permit ip any any reflect tcptraffic
!
R3#sr int s1
Building configuration...
Current configuration:
!
interface Serial1
description Access to the Internet via this interface
bandwidth 56
ip address 172.16.23.3 255.255.255.0
ip access-group inboundfilters in
ip access-group outboundfilters out
ip pim sparse-mode
no ip route-cache
no ip mroute-cache
ipx network A23
no fair-queue
clockrate 56000
end
R3#ping 172.16.23.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.23.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R3#sh access-lis
Extended IP access list inboundfilters
evaluate tcptraffic
Extended IP access list outboundfilters
permit ip any any reflect tcptraffic
Reflexive IP access list tcptraffic
R3#172.16.23.2
Trying 172.16.23.2 ...
% Connection timed out; remote host not responding
R3#sh access-lis
Extended IP access list inboundfilters
evaluate tcptraffic
Extended IP access list outboundfilters
permit ip any any reflect tcptraffic
Reflexive IP access list tcptraffic
R3#
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:57:10 GMT-3