Re[2]: reflexive access-list

From: badger (badger@pongo.org)
Date: Mon Jul 28 2003 - 13:38:35 GMT-3


Hello Yu,

Sunday, July 27, 2003, 11:29:15 PM, you wrote:

YK> It is OK when I configure three routers like yours.

YK> --- "Volkov, Dmitry (IDS Canada)"
YK> <dmitry_volkov@ca.ml.com> wrote:
>> Your access list looks right.
>> Try to telnet to B from C:
>> C---A---B
>> It should work. I don't know why but refl list
>> doesn't work for packets
>> originated from router itself.
>> Even if you use telnet x.y.z.d. /source-interface
>> "another interface than
>> s0" from A to B it doesn't work
>> Maybe it's IOS dependent.
>>
>> Dmitry
>>
>> > -----Original Message-----
>> > From: Yu Kay [mailto:kaykkyu@yahoo.com]
>> > Sent: Sunday, July 27, 2003 10:54 AM
>> > To: ccielab@groupstudy.com
>> > Subject: reflexive access-list
>> >
>> >
>> > Hi,
>> >
>> > I have a question about reflexive access-list.
>> > For example,
>> >
>> > routerA (S0)----- routerB
>> >
>> > I try to describe my problem in the simplest example.
>> > Each router uses a default route pointing to the other.
>> > Before I put the following 'access-list' on routerA,
>> > routerA can telnet to routerB.
>> >
>> > int s0
>> >  ip access-group outbound out
>> >  ip access-group inbound in
>> >
>> > ip access-list extended inbound
>> >  evaluate test
>> > ip access-list extended outbound
>> >  permit tcp any any reflect test
>> >
>> >
>> > Please give me some hints
>> >
>> > Kay
>> >
>> >
>>
>> > _______________________________________________________________________
>> > You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
>> >
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html

What was the method to force the acl to process packets generated from
the router?

-- 
Best regards,
 badger                            mailto:badger@pongo.org
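
The behaviour discussed in this thread can be reproduced with a small model. This is an added example, not code from any poster: it assumes that an outbound interface ACL is not applied to packets the router itself generates, so the `reflect` statement never records them. The class and function names and the 192.0.2.x addresses are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class ReflexiveS0:
    """Toy model of routerA s0: 'reflect test' outbound, 'evaluate test' inbound."""

    def __init__(self):
        self.reflected = set()  # temporary entries of reflexive list "test"

    def send(self, pkt, locally_originated=False):
        if locally_originated:
            return True   # assumption: outbound ACL skipped, nothing reflected
        if pkt.proto != "tcp":
            return False  # implicit deny at the end of "outbound"
        # 'permit tcp any any reflect test': store the mirrored flow
        self.reflected.add((pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport))
        return True

    def receive(self, pkt):
        # 'evaluate test' followed by the implicit deny of "inbound"
        return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.reflected

def reply_permitted(src_ip, locally_originated, proto="tcp"):
    """Open a session to routerB port 23 and report whether the reply is let in."""
    s0 = ReflexiveS0()
    sent = s0.send(Packet(proto, src_ip, 11000, "192.0.2.2", 23), locally_originated)
    reply = Packet(proto, "192.0.2.2", 23, src_ip, 11000)
    return sent and s0.receive(reply)

if __name__ == "__main__":
    print("C -> B through A:", reply_permitted("192.0.2.130", False))
    print("A -> B from A itself:", reply_permitted("192.0.2.1", True))
```

In the model, the session from C through A gets a reflected entry and its reply is admitted, while the session started on A leaves s0 without creating one, so the reply hits the implicit deny.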


This archive was generated by hypermail 2.1.4 : Wed Aug 06 2003 - 06:52:56 GMT-3