From: Steve Router (route2hell@hotmail.com)
Date: Mon Jun 23 2003 - 09:52:08 GMT-3
Here is a little reflective access problem I made:
- Off R1 there is an ftp server; permit ftp data to be passed to it and from
R1 ethernet adapter and have the traffic inspected both ways in (assuming
it's running ftp in passive mode)
- Also you should permit ssh to this device (150.100.1.44) from anywhere
in the rack 133.X.X.X and out and the times out in 30 minutes also permit
rip and bgp outbound to another router R1 peers with in bgp and gets rip
info
R1(150.100.1.1/24)=====================ftp Server
Is this a correct solution?
ip reflexive-list timeout 1800
interface Ethernet0
 ip address 133.5.23.2 255.255.255.0
 ip access-group reflectin in
 ip access-group reflectout out
ip access-list extended reflectin
 permit ip any any
 permit icmp any any
 permit udp any any
 evaluate checker
 permit tcp host 150.100.1.44 133.5.0.0 0.0.255.255 eq 22 reflect checker
 permit tcp any host 150.100.1.44 range ftp-data ftp reflect checker
ip access-list extended reflectout
 permit tcp any host 150.100.1.44 range ftp-data ftp reflect checker
 permit ip any any
 permit icmp any any
 permit udp any any
 evaluate checker
 permit tcp 133.5.0.0 0.0.255.255 host 150.100.1.44 eq 22 reflect checker
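
Extended ACLs are matched top-down and stop at the first hit, so entry order decides whether the `reflect` and `evaluate` lines in the lists above are ever reached. The Python below is an added example, not part of the original post and not a Cisco tool: it reports every entry that an earlier entry fully covers. The names `parse`, `shadowed`, `REFLECTIN` and `REFLECTOUT` are hypothetical, and it assumes port operators appear only after the destination, as in the posted lists.

```python
import ipaddress

# Entries of the two access lists as posted above, in order.
REFLECTIN = [
    "permit ip any any",
    "permit icmp any any",
    "permit udp any any",
    "evaluate checker",
    "permit tcp host 150.100.1.44 133.5.0.0 0.0.255.255 eq 22 reflect checker",
    "permit tcp any host 150.100.1.44 range ftp-data ftp reflect checker",
]
REFLECTOUT = [
    "permit tcp any host 150.100.1.44 range ftp-data ftp reflect checker",
    "permit ip any any",
    "permit icmp any any",
    "permit udp any any",
    "evaluate checker",
    "permit tcp 133.5.0.0 0.0.255.255 host 150.100.1.44 eq 22 reflect checker",
]
ANY = ipaddress.ip_network("0.0.0.0/0")
PORT_OPS = {"eq", "neq", "gt", "lt", "range"}

def parse(entry):
    """Return (action, proto, src, dst, has_ports) for one ACL entry."""
    tok = entry.split()
    if tok[0] == "evaluate":  # could match any packet of a tracked session
        return ("evaluate", "ip", ANY, ANY, False)
    nets, i = [], 2
    for _ in range(2):  # source first, then destination
        if tok[i] == "any":
            nets.append(ANY)
            i += 1
        else:  # "host A.B.C.D" or "A.B.C.D wildcard-mask"
            spec = tok[i + 1] if tok[i] == "host" else tok[i] + "/" + tok[i + 1]
            nets.append(ipaddress.ip_network(spec))
            i += 2
    return (tok[0], tok[1], nets[0], nets[1], bool(PORT_OPS & set(tok[i:])))

def shadowed(entries):
    """Return (entry, covering_entry) pairs, 1-based, for unreachable entries."""
    parsed, hits = [parse(e) for e in entries], []
    for n, (_, proto, src, dst, _) in enumerate(parsed):
        for m, (act, p, s, d, ports) in enumerate(parsed[:n]):
            if (act != "evaluate" and not ports and p in ("ip", proto)
                    and src.subnet_of(s) and dst.subnet_of(d)):
                hits.append((n + 1, m + 1))
                break
    return hits
```

Calling `shadowed(REFLECTIN)` or `shadowed(REFLECTOUT)` returns pairs of 1-based positions; a `reflect` or `evaluate` entry that shows up in the result never sees a packet.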