From: Brian Dennis (brian@5g.net)
Date: Sat Dec 14 2002 - 03:56:41 GMT-3
John,
By default packets sourced by the router will not be affected by an
outbound ACL. Since the outbound ACL does not "see" the telnet traffic
sourced by the router, the router does not add an entry to the inbound
ACL to allow the traffic to return. Try telnetting from behind R5.
Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security)
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of John Tafasi
Sent: Friday, December 13, 2002 4:32 PM
To: Cisco Group Study; ccielab
Subject: problem with reflexive access list
Hello,
I have a problem telnetting from r5 to r2 when a reflexive ip access list
is configured. Without the reflexive access list, the telnet will work
fine. The two routers are directly connected via their ethernet 0
interfaces. Could someone find out what is wrong with my configuration?
Both routers are using their ethernet ip addresses for source and
destination of the telnet traffic.
hostname r5
!
ip reflexive-list timeout 1000
!
ip access-list extended inboundfilter
 permit igrp any any
 evaluate tcptraffic
ip access-list extended outboundfilter
 permit tcp any any reflect tcptraffic timeout 5000
!
interface Ethernet0
 ip address 10.10.110.3 255.255.255.0
 ip access-group inboundfilter in
 ip access-group outboundfiler out
 ntp disable
================
hostname r2
!
interface Ethernet0
 ip address 10.10.110.16 255.255.255.0
.
.
This archive was generated by hypermail 2.1.4 : Fri Jan 17 2003 - 17:21:45 GMT-3
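
The behaviour described in the reply, as an added example that is not part of the original thread and not Cisco code: a simplified Python model of r5's Ethernet0, assuming outboundfilter is the ACL applied outbound. The host address 10.10.120.7 behind r5 and the source port 11000 are constructed for illustration; entry timeouts are not modelled.

```python
from dataclasses import dataclass, field

R5, R2 = "10.10.110.3", "10.10.110.16"   # Ethernet0 addresses from the thread

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

@dataclass
class Router:
    """Simplified model of r5's Ethernet0 with the two ACLs from the thread."""
    own_addr: str = R5
    reflexive: set = field(default_factory=set)   # temporary 'tcptraffic' entries

    def send(self, pkt: Packet) -> bool:
        """Egress: 'permit tcp any any reflect tcptraffic', then implicit deny."""
        if pkt.src == self.own_addr:
            return True    # router-sourced: outbound ACL not consulted, nothing reflected
        if pkt.proto != "tcp":
            return False   # transit non-TCP traffic hits the implicit deny
        # Reflect: store the mirror image (addresses and ports swapped).
        self.reflexive.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))
        return True

    def receive(self, pkt: Packet) -> bool:
        """Ingress: 'permit igrp any any', 'evaluate tcptraffic', implicit deny."""
        if pkt.proto == "igrp":
            return True
        return (pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.reflexive

def reply_to(pkt: Packet) -> Packet:
    return Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)

def telnet_reply_allowed(client_addr: str) -> bool:
    """Open a telnet session to r2 from client_addr; is r2's reply let back in?"""
    r5 = Router()
    syn = Packet(client_addr, 11000, R2, 23)   # constructed sample packet
    return r5.send(syn) and r5.receive(reply_to(syn))

if __name__ == "__main__":
    print("telnet sourced by r5 itself:", telnet_reply_allowed(R5))
    print("telnet from a host behind r5:", telnet_reply_allowed("10.10.120.7"))
```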