Re: Reflexive access-list

From: Hamele Kassa (hkassa@attrmc.net)
Date: Tue Oct 29 2002 - 19:17:39 GMT-3


Try to add the following on the inbound filter. Also permit UDP if you are
pinging from a router; it uses UDP/ICMP, as Unix machines do.

permit icmp any any echo-reply

rgs,
HK

----- Original Message -----
From: "Hung, Sing-Yu" <Sing-Yu.Hung@pccw.com>
To: "Hansang Bae" <hbae@nyc.rr.com>; <ccielab@groupstudy.com>
Sent: Tuesday, October 29, 2002 1:47 AM
Subject: RE: Reflexive access-list

> Hi,
>
> I have the below config
>
>
> ------(e3/1)r13(atm1/0)--.1--------30.30.30.0/24-----------.2--s0(ti)e0-----
>
>
>
> r13#sh run int a1/0
> Building configuration...
>
> Current configuration : 164 bytes
> !
> interface ATM1/0
>  ip address 30.30.30.1 255.255.255.0
>  ip access-group inbound in
>  ip access-group outbound out
>  atm ilmi-keepalive
>  pvc 0/100
>   ubr 256
>  !
> end
> r13#sho access-l
> Extended IP access list inbound
>     permit ospf any any (1380 matches)
>     permit tcp any eq bgp any eq bgp
>     evaluate tcptraffic
> Extended IP access list outbound
>     permit ip any any reflect tcptraffic
>     permit tcp any any reflect tcptraffic
>     permit tcp any eq telnet any reflect tcptraffic
>     permit icmp any any reflect tcptraffic
> Reflexive IP access list tcptraffic
>
> Why can't I ping router (t1)?
> r13#ping 30.30.30.2
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 30.30.30.2, timeout is 2 seconds:
> .....
> r13#sho access-l
> Extended IP access list inbound
>     permit ospf any any (1388 matches)
>     permit tcp any eq bgp any eq bgp
>     evaluate tcptraffic
> Extended IP access list outbound
>     permit ip any any reflect tcptraffic
>     permit tcp any any reflect tcptraffic
>     permit tcp any eq telnet any reflect tcptraffic
>     permit icmp any any reflect tcptraffic
> Reflexive IP access list tcptraffic
>
>
> Bradford Hung
>
>  Pacific Century CyberWorks
>  Tel: 288 33125
>
>
> -----Original Message-----
> From: Hansang Bae [mailto:hbae@nyc.rr.com]
> Sent: Monday, October 28, 2002 5:59 AM
> To: ccielab@groupstudy.com
> Subject: RE: Reflexive access-list
>
>
> >-----Original Message-----
> >From: Ahmed Mamoor Amimi [mailto:mamoor@ieee.org]
> >Sent: Friday, October 25, 2002 8:43 AM
> >To: ccielab@groupstudy.com
> >Subject: Reflexive access-list
> >Can someone point me to an example and notes of reflexive access-list.
>
>
>
> I highly recommend Gil Held's Cisco Access List Field Guide.
>
> hsb
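
An added illustration, not part of any message in this thread: a simplified Python model of the filters on r13's ATM1/0, showing why the ping from r13 itself gets no reply through the reflexive list and why a static echo-reply permit on the inbound filter changes that. It assumes the documented IOS behaviour that packets generated by the router itself are not checked against the outbound interface ACL, so they never create reflexive entries; the class and function names and the host 10.0.0.5 are constructed for the example, and only the OSPF static entry is modelled.

```python
# Simplified model of the r13 ATM1/0 filters from the thread; not IOS code.
from dataclasses import dataclass, field

R13, T1 = "30.30.30.1", "30.30.30.2"   # addresses from the thread
HOST = "10.0.0.5"                      # constructed host behind r13

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    icmp_type: str = ""

@dataclass
class Interface:
    static_inbound: list                         # entries listed before 'evaluate'
    reflexive: set = field(default_factory=set)  # temporary 'tcptraffic' entries

    def send(self, pkt, locally_generated):
        # Assumption: only packets forwarded through the router reach the
        # outbound ACL, so only they trigger 'reflect'.
        if not locally_generated:
            self.reflexive.add((pkt.proto, pkt.dst, pkt.src))  # mirrored flow

    def receive(self, pkt):
        if any(rule(pkt) for rule in self.static_inbound):
            return True
        # 'evaluate tcptraffic', then the implicit deny
        return (pkt.proto, pkt.src, pkt.dst) in self.reflexive

def ospf(p):
    return p.proto == "ospf"

def echo_reply(p):
    return p.proto == "icmp" and p.icmp_type == "echo-reply"

def ping(iface, src, locally_generated):
    """Send an echo to T1; return True if the reply passes the inbound filter."""
    iface.send(Packet("icmp", src, T1, "echo"), locally_generated)
    return iface.receive(Packet("icmp", T1, src, "echo-reply"))

def scenarios():
    posted, fixed = Interface([ospf]), Interface([ospf, echo_reply])
    return {
        "router ping, ACL as posted": ping(posted, R13, True),
        "transit ping, ACL as posted": ping(posted, HOST, False),
        "router ping, echo-reply permitted": ping(fixed, R13, True),
    }
```

In the model, as in the posted `sho access-l` output, the router's own ping leaves the reflexive list empty, so the reply falls through to the implicit deny.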


This archive was generated by hypermail 2.1.4 : Tue Nov 05 2002 - 08:35:59 GMT-3