From: christopher snow (cbsnow31@yahoo.com)
Date: Sat Aug 30 2003 - 13:53:16 GMT-3
I have a question in regards to relexive access lists.
I have the following config:
ip access-list extended inbound
evaluate icmp_traffic
evaluate tcp_traffic
permit ospf any any
ip access-list extended outbound
permit icmp any any reflect icmp_traffic
permit tcp any any reflect tcp_traffic
-----
The access-list works fine but I originally had ospf
permit any any applied to both the inbound and
oubound. When I compared my configs to the solution,
the solutin only had ospf permit any any applied to
the inbound. I removed it and it still works. I then
removed it from the inbound and the neighbors dropped.
Why is the ospf statement not needed on the outbound
side. It would have assumed that it would be blocked
unless specifically permited.
Chris Snow
__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com
This archive was generated by hypermail 2.1.4 : Tue Sep 02 2003 - 18:54:11 GMT-3