RE: Reflexive Access list

From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Wed Jan 07 2004 - 14:26:56 GMT-3


Kaiser,

        Normally you don't want to reflect when the traffic comes back in.
Check this post for more info:

http://www.groupstudy.com/archives/ccielab/200311/msg01170.html

HTH,

Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 708-362-1418 (Outside the US and Canada)

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Kaiser Anwar
> Sent: Wednesday, January 07, 2004 8:43 AM
> To: ccielab@groupstudy.com
> Subject: Reflexive Access list
>
> Hi,
> I was testing a reflexive access in the practice lab. It seems to be
> working, but I wanted to be sure.
> Here is the config. This is the understanding I have for this: that any
> traffic that goes out with the reflect keyword has to exist in the outside
> access-list state table.
> Thanks in advance for your help.
>
> ip access-list extended inside
> permit ip any any reflect outbound
>
>
> ip access-list extended outside
> evaluate outbound
> permit ospf any any reflect inbound
> permit udp any any reflect inbound
> permit tcp any any reflect inbound
>
>
> Kaiser Anwar



This archive was generated by hypermail 2.1.4 : Mon Feb 02 2004 - 09:07:37 GMT-3
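
Added example (not part of the original thread, and not Cisco code): a simplified Python model of how "reflect" and "evaluate" entries are processed, run against the outside list as posted and against a constructed variant that only evaluates. It assumes the list named inside filters traffic leaving toward the outside and the list named outside filters traffic arriving from it; the class names, the EVAL_ONLY variant and the sample addresses are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

    def mirrored(self):
        # A reflected entry matches the return flow: addresses and ports swapped.
        return Packet(self.proto, self.dst, self.dport, self.src, self.sport)

class Filter:
    def __init__(self):
        self.reflected = {}  # reflexive list name -> set of expected return packets

    def check(self, acl, pkt):
        """Walk entries top-down; True on permit, False on the implicit deny."""
        for entry in acl:
            if entry[0] == "evaluate":
                if pkt in self.reflected.get(entry[1], set()):
                    return True
                continue
            _, proto, reflect = entry
            if proto in ("ip", pkt.proto):
                if reflect:  # a permit with "reflect" still permits the packet
                    self.reflected.setdefault(reflect, set()).add(pkt.mirrored())
                return True
        return False

# The two lists from the post, as (action, protocol, reflexive list name).
INSIDE = [("permit", "ip", "outbound")]
OUTSIDE_POSTED = [("evaluate", "outbound"), ("permit", "ospf", "inbound"),
                  ("permit", "udp", "inbound"), ("permit", "tcp", "inbound")]
# Constructed variant (assumption): nothing is reflected on the way back in.
OUTSIDE_EVAL_ONLY = [("evaluate", "outbound")]

def run(outside_acl):
    """Return (reply_permitted, unsolicited_permitted) for constructed flows."""
    f = Filter()
    out = Packet("tcp", "10.0.0.5", 40000, "192.0.2.10", 80)
    f.check(INSIDE, out)  # leaving traffic creates the "outbound" entry
    unsolicited = Packet("tcp", "198.51.100.7", 51000, "10.0.0.5", 22)
    return f.check(outside_acl, out.mirrored()), f.check(outside_acl, unsolicited)

if __name__ == "__main__":
    print("as posted:", run(OUTSIDE_POSTED))
    print("evaluate only:", run(OUTSIDE_EVAL_ONLY))
```

In this model the posted outside list permits the unsolicited TCP connection because its permit lines match any TCP or UDP packet, while the evaluate-only variant admits just the return flow; a real inbound list would still need explicit permits for traffic such as routing protocols that must arrive unsolicited.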