Re: Reflexive Access list

From: Kaiser Anwar (kaiseranwar@sbcglobal.net)
Date: Wed Jan 07 2004 - 20:02:19 GMT-3


Hi Brian,
             I did read the thread; I am still a little confused. I did
configure it again and it seems to be working, but I wanted you to see if it is
correctly configured.

Thanks

ip access-list extended inside
 evaluate outbound
 permit tcp any any reflect outbound
 permit udp any any reflect outbound
 permit ospf any any reflect outbound
 permit icmp any any echo
 permit icmp any any echo-reply

ip access-list extended outside
 evaluate outbound
 permit ospf any any reflect inbound
 permit tcp any any reflect inbound
 permit udp any any reflect inbound
 permit icmp any any echo
 permit icmp any any echo-reply

R1#sh ip access-lists inbound
Reflexive IP access list inbound
    permit udp host 224.0.1.39 eq pim-auto-rp host 165.10.100.3 eq pim-auto-rp (2 matches) (time left 75)
    permit udp host 224.0.1.40 eq pim-auto-rp host 165.10.100.3 eq pim-auto-rp (14 matches) (time left 281)
R1#sh ip access-lists outbound
Reflexive IP access list outbound
    permit udp host 224.0.1.39 eq pim-auto-rp host 165.10.100.3 eq pim-auto-rp (7 matches) (time left 243)
    permit udp host 224.0.0.9 eq rip host 165.10.100.3 eq rip (55 matches) (time left 280)
    permit ospf host 165.10.100.1 eq host 165.10.100.3 (13 matches) (time left 277)
    permit udp host 224.0.1.40 eq pim-auto-rp host 165.10.100.3 eq pim-auto-rp (27 matches) (time left 270)
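
To make the point in Brian's reply concrete, here is a small simulator of reflexive ACL behaviour (an added example, written for this archive page; it is not code from the thread or from IOS): `reflect` creates a mirrored temporary entry with a timeout, `evaluate` consults that table, and the hypothetical `demo` function pushes one outbound UDP flow, its reply, and an unsolicited inbound UDP packet through the posted `outside` list and through a list that only evaluates. The packets, addresses and port numbers are constructed, and the ICMP lines are omitted for brevity.

```python
from collections import namedtuple

# Constructed sample: a 5-tuple as the router would see it.
Packet = namedtuple("Packet", "proto src sport dst dport")

class ReflexiveTable:
    """Temporary entries created by 'reflect'. Each one is the mirror of
    the packet that created it and lives for `timeout` seconds (300 is
    the IOS default reflexive timeout)."""
    def __init__(self, timeout=300):
        self.timeout, self.entries = timeout, {}   # mirrored 5-tuple -> expiry

    def reflect(self, pkt, now):
        mirror = Packet(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        self.entries[mirror] = now + self.timeout

    def evaluate(self, pkt, now):
        # Age out expired entries, then look for an exact mirrored match.
        self.entries = {e: t for e, t in self.entries.items() if t > now}
        return pkt in self.entries

def apply_acl(acl, tables, pkt, now):
    """Walk an extended ACL top-down. Entries are ('evaluate', name) or
    ('permit', proto, reflect_into_or_None). Implicit deny at the end."""
    for entry in acl:
        if entry[0] == "evaluate":
            if tables[entry[1]].evaluate(pkt, now):
                return "permit (reflexive)"
        elif entry[1] in ("ip", pkt.proto):
            if entry[2]:                      # 'reflect' keyword present
                tables[entry[2]].reflect(pkt, now)
            return "permit"
    return "deny"

def demo(outside_acl):
    """Run an outbound flow, its reply and an unsolicited inbound UDP
    packet through the given 'outside' list; return the three verdicts."""
    tables = {"outbound": ReflexiveTable(), "inbound": ReflexiveTable()}
    inside_acl = [("evaluate", "outbound"), ("permit", "tcp", "outbound"),
                  ("permit", "udp", "outbound")]
    out = Packet("udp", "165.10.100.3", 40000, "10.0.0.5", 53)      # constructed
    reply = Packet("udp", "10.0.0.5", 53, "165.10.100.3", 40000)
    unsolicited = Packet("udp", "224.0.1.39", 496, "165.10.100.3", 496)
    r1 = apply_acl(inside_acl, tables, out, now=0)
    r2 = apply_acl(outside_acl, tables, reply, now=10)
    r3 = apply_acl(outside_acl, tables, unsolicited, now=20)
    return r1, r2, r3

# The posted 'outside' list: it reflects on the way in, so every inbound UDP
# packet is permitted and the 'evaluate' line never has to do its job.
POSTED = [("evaluate", "outbound"), ("permit", "ospf", "inbound"),
          ("permit", "tcp", "inbound"), ("permit", "udp", "inbound")]
# Same list without 'reflect' inbound: only mirrored replies (and ospf) get in.
EVALUATE_ONLY = [("evaluate", "outbound"), ("permit", "ospf", None)]
```

`demo(POSTED)` permits the unsolicited packet (and, as in the show output above, creates an `inbound` entry for it), while `demo(EVALUATE_ONLY)` denies it and still lets the reply through.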

----- Original Message -----
From: "Brian McGahan" <bmcgahan@internetworkexpert.com>
To: "'Kaiser Anwar'" <kaiseranwar@sbcglobal.net>; <ccielab@groupstudy.com>
Sent: Wednesday, January 07, 2004 11:26 AM
Subject: RE: Reflexive Access list

> Kaiser,
>
> Normally you don't want to reflect when the traffic comes back in.
> Check this post for more info:
>
> http://www.groupstudy.com/archives/ccielab/200311/msg01170.html
>
>
> HTH,
>
> Brian McGahan, CCIE #8593
> bmcgahan@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987
> Direct: 708-362-1418 (Outside the US and Canada)
>
>
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > Kaiser Anwar
> > Sent: Wednesday, January 07, 2004 8:43 AM
> > To: ccielab@groupstudy.com
> > Subject: Reflexive Access list
> >
> > Hi,
> > I was testing a reflexive access list in the practice lab. It seems to be
> > working.
> > But I wanted to be sure.
> > Here is the config. The understanding I have for this is that any
> > traffic
> > that goes out with the reflect keyword has to exist in the outside
> > access-list
> > state table.
> > Thanks in advance for your help.
> >
> > ip access-list extended inside
> > permit ip any any reflect outbound
> >
> >
> > ip access-list extended outside
> > evaluate outbound
> > permit ospf any any reflect inbound
> > permit udp any any reflect inbound
> > permit tcp any any reflect inbound
> >
> >
> > Kaiser Anwar
> >
> > _______________________________________________________________________
> > Please help support GroupStudy by purchasing your study materials from:
> > http://shop.groupstudy.com
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>



This archive was generated by hypermail 2.1.4 : Mon Feb 02 2004 - 09:07:37 GMT-3