From: Ouellette, Tim (tim.ouellette@xxxxxxx)
Date: Mon Mar 18 2002 - 01:33:17 GMT-3
Heh, I had the exact same problem. The router you have the reflex-acl on
doesn't apply its own traffic towards it. Try using a PC that is
connected. What I mean is this.
(pc1)---eth--Router1===HDLC===Router2.
Apply the acl to the ethernet interface of router one. Have pc1 ping
router2 and you should see hits to your acl. At least that's what took me
15-30 minutes to figure out in my home lab. Kinda like "ip local-policy".
Tim
-----Original Message-----
From: Bill Greenwood [mailto:billgreenwood@earthlink.net]
Sent: Friday, March 15, 2002 10:48 PM
To: ccielab@groupstudy.com
Subject: Refle
I can't seem to get reflective access-list to work. I've made the config
about as simple as possible. What am I missing?
!
ip access-list extended inboundfilters
 evaluate tcptraffic
ip access-list extended outboundfilters
 permit ip any any reflect tcptraffic
!
R3#sr int s1
Building configuration...
Current configuration:
!
interface Serial1
 description Access to the Internet via this interface
 bandwidth 56
 ip address 172.16.23.3 255.255.255.0
 ip access-group inboundfilters in
 ip access-group outboundfilters out
 ip pim sparse-mode
 no ip route-cache
 no ip mroute-cache
 ipx network A23
 no fair-queue
 clockrate 56000
end
R3#ping 172.16.23.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.23.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R3#sh access-lis
Extended IP access list inboundfilters
    evaluate tcptraffic
Extended IP access list outboundfilters
    permit ip any any reflect tcptraffic
Reflexive IP access list tcptraffic
R3#172.16.23.2
Trying 172.16.23.2 ...
% Connection timed out; remote host not responding
R3#sh access-lis
Extended IP access list inboundfilters
    evaluate tcptraffic
Extended IP access list outboundfilters
    permit ip any any reflect tcptraffic
Reflexive IP access list tcptraffic
R3#
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:57:12 GMT-3
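A small model of the behaviour discussed in this thread, added here as an illustration and not taken from either poster: an outbound ACL on IOS is only checked for transit packets, so traffic R3 originates itself never matches the `reflect` entry and the reply hits the implicit deny. The PC address 10.1.1.10, the source port and all class and function names are constructed for the example.

```python
# Simplified model of the reflect/evaluate pair on Serial1 (added example).
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

    def mirrored(self):
        """The reply flow: addresses and ports swapped."""
        return Packet(self.proto, self.dst, self.dport, self.src, self.sport)


@dataclass
class Interface:
    reflexive: set = field(default_factory=set)  # stands in for "tcptraffic"
    out_hits: int = 0                            # matches on "permit ... reflect"

    def send_out(self, pkt, locally_generated):
        # Outbound ACLs are evaluated for transit packets only; packets the
        # router itself originates skip the ACL, so nothing is reflected.
        if not locally_generated:
            self.out_hits += 1
            self.reflexive.add(pkt.mirrored())
        return True  # the packet leaves the interface either way

    def receive_in(self, pkt):
        # "evaluate tcptraffic", then the implicit deny at the end of the list.
        return pkt in self.reflexive


def round_trip(locally_generated, src):
    """Telnet to 172.16.23.2; return (reply_permitted, outbound_acl_hits)."""
    s1 = Interface()
    syn = Packet("tcp", src, 11000, "172.16.23.2", 23)  # constructed source port
    s1.send_out(syn, locally_generated)
    return s1.receive_in(syn.mirrored()), s1.out_hits


if __name__ == "__main__":
    print("from R3 itself:      ", round_trip(True, "172.16.23.3"))
    print("from a PC behind R3: ", round_trip(False, "10.1.1.10"))
```
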