Re: Re: Reflexive Access List

From: navaid@rogers.com
Date: Sat Aug 30 2003 - 14:07:03 GMT-3

• Next message: Alec: "How to remove serial subif ?"
• Previous message: navaid@rogers.com: "Re: Reflexive Access List"
• Maybe in reply to: Teck PhrEAk!!: "Re: Reflexive Access List"
• Next in thread: Brian Dennis: "RE: Reflexive Access List"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Sorry Incorrect answer.

  try to ping 224.0.0.5

Navaid

>
> From: <navaid@rogers.com>
> Date: 2003/08/30 Sat PM 01:02:55 EDT
> To: christopher snow <cbsnow31@yahoo.com>, <ccielab@groupstudy.com>
> Subject: Re: Reflexive Access List
>
> It is not required on outbound because of following statement.
> permit tcp any any reflect tcp_traffic
>
> Navaid
>
> >
> > From: christopher snow <cbsnow31@yahoo.com>
> > Date: 2003/08/30 Sat PM 12:53:16 EDT
> > To: ccielab@groupstudy.com
> > Subject: Reflexive Access List
> >
> > I have a question in regards to relexive access lists.
> > I have the following config:
> >
> > ip access-list extended inbound
> > evaluate icmp_traffic
> > evaluate tcp_traffic
> > permit ospf any any
> > ip access-list extended outbound
> > permit icmp any any reflect icmp_traffic
> > permit tcp any any reflect tcp_traffic
> >
> > -----
> > The access-list works fine but I originally had ospf
> > permit any any applied to both the inbound and
> > oubound. When I compared my configs to the solution,
> > the solutin only had ospf permit any any applied to
> > the inbound. I removed it and it still works. I then
> > removed it from the inbound and the neighbors dropped.
> > Why is the ospf statement not needed on the outbound
> > side. It would have assumed that it would be blocked
> > unless specifically permited.
> >
> > Chris Snow
> >
> > __________________________________
> > Do you Yahoo!?
> > Yahoo! SiteBuilder - Free, easy-to-use web site design software
> > http://sitebuilder.yahoo.com
> >
> >
> > _______________________________________________________________________
> > You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
>
> 1
>
>
> _______________________________________________________________________
> You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>

1

• Next message: Alec: "How to remove serial subif ?"
• Previous message: navaid@rogers.com: "Re: Reflexive Access List"
• Maybe in reply to: Teck PhrEAk!!: "Re: Reflexive Access List"
• Next in thread: Brian Dennis: "RE: Reflexive Access List"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Sep 02 2003 - 18:54:11 GMT-3