RE: reflexive access-list

From: Volkov, Dmitry (IDS Canada) (dmitry_volkov@ca.ml.com)
Date: Sun Jul 27 2003 - 13:55:25 GMT-3


Your access list looks right.
Try to telnet to B from C:
C---A---B
It should work. I don't know why, but the refl list doesn't work for packets
originated from the router itself.
Even if you use telnet x.y.z.d. /source-interface "another interface than
s0" from A to B, it doesn't work.
Maybe it's IOS dependent.

Dmitry

> -----Original Message-----
> From: Yu Kay [mailto:kaykkyu@yahoo.com]
> Sent: Sunday, July 27, 2003 10:54 AM
> To: ccielab@groupstudy.com
> Subject: reflexive access-list
>
>
> Hi,
>
> I have a question about reflexive access-list.
> For example,
>
> routerA (S0)----- routerB
>
> I try to describe my problem in the simplest example.
> Each router uses a default route pointing to the other.
> Before I put the following 'access-list' on routerA,
> routerA can telnet to routerB.
>
> int s0
>  ip access-group outbound out
>  ip access-group inbound in
>
> ip access-list extended inbound
>  evaluate test
> ip access-list extended outbound
>  permit tcp any any reflect test
>
>
> Please give me some hints
>
> Kay
>
>
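
Added example (not part of the original thread or of IOS itself): a small Python model of the two ACLs on s0, showing why a session through A gets a return entry in "test" while a session started on A does not. It models the outbound ACL as applying only to transit packets, so router-generated packets never hit the "reflect" line; the class, function names, addresses and ports are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


class ReflexiveInterface:
    """Model of routerA's s0 with the thread's ACLs 'outbound' and 'inbound'."""

    def __init__(self):
        self.test = set()  # temporary entries of the reflexive list "test"

    def send(self, pkt, locally_originated):
        # Modelled assumption: the outbound ACL is checked only for transit
        # packets; packets generated by the router itself bypass it.
        if locally_originated:
            return True
        # "permit tcp any any reflect test"
        if pkt.proto == "tcp":
            # The reflected entry mirrors the flow: addresses and ports swapped.
            self.test.add((pkt.dst, pkt.dport, pkt.src, pkt.sport))
            return True
        return False  # implicit deny at the end of "outbound"

    def receive(self, pkt):
        # "evaluate test", followed by the implicit deny of "inbound"
        return (pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.test


def telnet_round_trip(client_ip, locally_originated):
    """Return True if the SYN leaves s0 and the SYN-ACK is allowed back in."""
    s0 = ReflexiveInterface()
    router_b = "10.0.0.2"  # constructed address for routerB
    syn = Packet(client_ip, 11000, router_b, 23)
    syn_ack = Packet(router_b, 23, client_ip, 11000)
    return s0.send(syn, locally_originated) and s0.receive(syn_ack)


if __name__ == "__main__":
    print("C -> B through A:", telnet_round_trip("192.168.1.10", False))
    print("A -> B from A itself:", telnet_round_trip("10.0.0.1", True))
```

In the model, changing the source address of the router's own session (the /source-interface case) makes no difference, because the packet is still locally originated and no entry is added to "test".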



This archive was generated by hypermail 2.1.4 : Wed Aug 06 2003 - 06:52:54 GMT-3