ACL's: Reflexive

From: Sage Vadi (sagevadi@yahoo.co.uk)
Date: Sat Feb 15 2003 - 03:09:47 GMT-3

• Next message: cebuano: "QoS Solution Reference Network Design Guides"
• Previous message: Jason Cash: "Boot over network runs after flash"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

All,

R1---R2---R3

R2_Config:

interface Serial0.1 multipoint
ip access-group inboundTrusted in
ip access-group outboundTrusted out

ip access-list extended inboundTrusted
evaluate icmp_outin
permit tcp any eq bgp any
permit ospf any any

ip access-list extended outboundTrusted
permit icmp any any reflect icmp_outin

Problem/Question-

Q) R1 can ping R3, reflexive works as per normal - it
is a lab req. But what I want to do is let R3 ping any
other router behind R2 - which it cannot when I apply
the reflexive ACL. How can I achieve this?

You will look @ the ACL and think - obvioulys he's
only permitting BGP/OSPF, but that is the key - I
dont' want to permit ICMP otherwise that defeats the
point of the reflexive ACL.

PS- R2 is a conjunction point for frame relay
connections.

Cheers,
Sage

• Next message: cebuano: "QoS Solution Reference Network Design Guides"
• Previous message: Jason Cash: "Boot over network runs after flash"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Mar 01 2003 - 11:06:24 GMT-3