Ping and reflexive access lists

From: ccie2be (ccie2be@nyc.rr.com)
Date: Fri Aug 22 2003 - 12:38:47 GMT-3


Hi all,

The following is from the solution config of IPExpert e-scenario lab 343.

int s0
 <text omitted>
 ip access-group inbound in
 ip access-group outbound out

ip access-list extended inbound
 evaluate icmptraffic

ip access-list extended outbound
 permit icmp any any reflect icmptraffic

The requirement is to allow inside users to ping to the outside. When I tried
this, it didn't work, which actually makes sense to me since the reply to a
ping is an echo-reply, which isn't a "mirror image" of a ping.

Is this solution wrong or did I miss something?

Thanks, dt


