Re: Reflexive Access List

From: navaid@rogers.com
Date: Sat Aug 30 2003 - 14:02:55 GMT-3


It is not required on outbound because of the following statement.
  permit tcp any any reflect tcp_traffic

Navaid

>
> From: christopher snow <cbsnow31@yahoo.com>
> Date: 2003/08/30 Sat PM 12:53:16 EDT
> To: ccielab@groupstudy.com
> Subject: Reflexive Access List
>
> I have a question in regard to reflexive access lists.
> I have the following config:
>
> ip access-list extended inbound
>  evaluate icmp_traffic
>  evaluate tcp_traffic
>  permit ospf any any
> ip access-list extended outbound
>  permit icmp any any reflect icmp_traffic
>  permit tcp any any reflect tcp_traffic
>
> -----
> The access-list works fine but I originally had ospf
> permit any any applied to both the inbound and
> outbound. When I compared my configs to the solution,
> the solution only had ospf permit any any applied to
> the inbound. I removed it and it still works. I then
> removed it from the inbound and the neighbors dropped.
> Why is the ospf statement not needed on the outbound
> side? I would have assumed that it would be blocked
> unless specifically permitted.
>
> Chris Snow
>
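
A simplified model of how the ACL pair quoted in this thread is processed, added here as an illustration; it is not code from either poster and not IOS itself. The class, field names and sample addresses are constructed, and the model assumes the IOS behaviour that an outbound interface ACL is not applied to packets the router itself originates (so such packets also create no reflexive entry).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp", "icmp" or "ospf"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    local: bool = False   # True when the router itself generated the packet

class ReflexiveFilter:
    """Toy model of the thread's 'inbound' and 'outbound' extended ACLs."""
    REFLECT = {"icmp": "icmp_traffic", "tcp": "tcp_traffic"}  # outbound ACL
    EVALUATE = ("icmp_traffic", "tcp_traffic")                # inbound ACL

    def __init__(self, inbound_permits=("ospf",)):
        self.inbound_permits = inbound_permits   # static 'permit' lines
        self.temp = {name: set() for name in self.EVALUATE}

    def outbound(self, p):
        if p.local:
            # Assumption: router-originated packets skip the outbound ACL,
            # so nothing is matched and no reflexive entry is created.
            return True
        name = self.REFLECT.get(p.proto)
        if name is None:
            return False                         # implicit deny at the end
        # 'reflect' installs a temporary entry for the mirrored flow.
        self.temp[name].add((p.proto, p.dst, p.src, p.dport, p.sport))
        return True

    def inbound(self, p):
        key = (p.proto, p.src, p.dst, p.sport, p.dport)
        if any(key in self.temp[name] for name in self.EVALUATE):
            return True                          # matched by an 'evaluate'
        return p.proto in self.inbound_permits   # else static lines, then deny

if __name__ == "__main__":
    f = ReflexiveFilter()
    # Constructed sample packets: local OSPF hello out, neighbor hello in.
    print(f.outbound(Packet("ospf", "10.0.0.1", "224.0.0.5", local=True)))
    print(f.inbound(Packet("ospf", "10.0.0.2", "224.0.0.5")))
    print(ReflexiveFilter(inbound_permits=()).inbound(
        Packet("ospf", "10.0.0.2", "224.0.0.5")))
```

In this model the neighbor's hellos arriving inbound match no reflexive entry, so they depend on the static `permit ospf any any` line; a TCP session opened by the router itself would likewise get no return entry.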
