From: John Tafasi (johntafasi@yahoo.com)
Date: Sun Dec 15 2002 - 08:08:35 GMT-3
Thank you, Brian, that was why it did not work. Now it is working.
----- Original Message -----
From: "Brian Dennis" <brian@5g.net>
To: "'John Tafasi'" <johntafasi@yahoo.com>; "'Cisco Group Study'"
<cisco@groupstudy.com>; "'ccielab'" <ccielab@groupstudy.com>
Sent: Saturday, December 14, 2002 12:35 PM
Subject: RE: problem with reflexive access list
> You also misspelled "outboundfilter" when you applied it to Ethernet 0.
>
> Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security)
>
> -----Original Message-----
> From: John Tafasi [mailto:johntafasi@yahoo.com]
> Sent: Friday, December 13, 2002 11:43 PM
> To: Brian Dennis; 'Cisco Group Study'; 'ccielab'
> Subject: Re: problem with reflexive access list
>
> I tried that too and it did not work.
> ----- Original Message -----
> From: "Brian Dennis" <brian@5g.net>
> To: "'John Tafasi'" <johntafasi@yahoo.com>; "'Cisco Group Study'"
> <cisco@groupstudy.com>; "'ccielab'" <ccielab@groupstudy.com>
> Sent: Friday, December 13, 2002 11:56 PM
> Subject: RE: problem with reflexive access list
>
>
> > John,
> > By default packets sourced by the router will not be affected by an
> > outbound ACL. Since the outbound ACL does not "see" the telnet traffic
> > sourced by the router, the router does not add an entry to the inbound
> > ACL to allow the traffic to return. Try telnetting from behind R5.
> >
> > Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security)
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > John Tafasi
> > Sent: Friday, December 13, 2002 4:32 PM
> > To: Cisco Group Study; ccielab
> > Subject: problem with reflexive access list
> >
> > Hello,
> >
> > I have a problem telnetting from r5 to r2 when a reflexive IP access list
> > is configured. Without the reflexive access list, the telnet will work
> > fine. The two routers are directly connected via their Ethernet 0
> > interfaces. Could someone find out what is wrong with my configuration?
> > Both routers are using their Ethernet IP addresses for source and
> > destination of the telnet traffic.
> >
> >
> > hostname r5
> > !
> > ip reflexive-list timeout 1000
> > !
> > ip access-list extended inboundfilter
> >  permit igrp any any
> >  evaluate tcptraffic
> > ip access-list extended outboundfilter
> >  permit tcp any any reflect tcptraffic timeout 5000
> > !
> > interface Ethernet0
> >  ip address 10.10.110.3 255.255.255.0
> >  ip access-group inboundfilter in
> >  ip access-group outboundfiler out
> >  ntp disable
> >
> > ================
> >
> > hostname r2
> > !
> > interface Ethernet0
> >  ip address 10.10.110.16 255.255.255.0
> > .
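
The misspelled `ip access-group` name that resolved this thread can be caught before a configuration is deployed. The following is an added example, not part of the original messages: a small Python check (the function name `lint_reflexive` is hypothetical) that flags interfaces referencing an undefined named ACL and `evaluate` statements whose reflexive list is never populated by a `reflect` entry in an applied ACL. It does not model the separate point made above about router-sourced traffic bypassing the outbound ACL.

```python
import re

# Constructed sample: the r5 configuration from the thread, typo included.
R5_CONFIG = """\
ip access-list extended inboundfilter
 permit igrp any any
 evaluate tcptraffic
ip access-list extended outboundfilter
 permit tcp any any reflect tcptraffic timeout 5000
interface Ethernet0
 ip address 10.10.110.3 255.255.255.0
 ip access-group inboundfilter in
 ip access-group outboundfiler out
"""

def lint_reflexive(config):
    """Return a list of findings for named ACLs and reflexive lists."""
    defined = {}      # ACL name -> list of its entries
    applied = []      # (interface, ACL name, direction)
    section = None    # ("acl", name) or ("if", name)
    for line in config.splitlines():
        text = line.strip()
        if m := re.match(r"ip access-list extended (\S+)$", text):
            section = ("acl", m.group(1))
            defined[m.group(1)] = []
        elif m := re.match(r"interface (\S+)$", text):
            section = ("if", m.group(1))
        elif not line.startswith(" "):
            section = None  # any other top-level command ends the section
        elif section and section[0] == "acl":
            defined[section[1]].append(text)
        elif section and (m := re.match(r"ip access-group (\S+) (in|out)$", text)):
            applied.append((section[1], m.group(1), m.group(2)))
    findings = []
    for intf, name, direction in applied:
        if name not in defined:
            findings.append(f"{intf}: access-group {name} {direction} references an undefined ACL")
    # A reflexive list is only populated by a 'reflect' entry in an ACL that is actually applied.
    live = [e for _, name, _ in applied for e in defined.get(name, [])]
    reflected = {m.group(1) for e in live if (m := re.search(r"\breflect (\S+)", e))}
    for _, name, _ in applied:
        for e in defined.get(name, []):
            if (m := re.match(r"evaluate (\S+)$", e)) and m.group(1) not in reflected:
                findings.append(f"{name}: evaluate {m.group(1)} has no reflect entry in any applied ACL")
    return findings

if __name__ == "__main__":
    for finding in lint_reflexive(R5_CONFIG):
        print(finding)
```

Run against the posted configuration it reports both the undefined `outboundfiler` reference and the resulting orphaned `evaluate tcptraffic`; with the name corrected to `outboundfilter` it reports nothing.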