Re: reflexive ACL question

From: Gerry Hilton (gerry.hilton@rogers.com)
Date: Tue Jul 20 2004 - 20:19:00 GMT-3


Hi. I believe that the problem is that traffic that the router
originates will not get evaluated. Try your telnet from a router behind R1.

Gerry

jongsoo.kim@intelsat.com wrote:

>I set up a simple lab
>
>R1 e0 .1 -----10.0.0.0/8 ----- .2 R2
>
>R1 IOS is : IOS (tm) 2500 Software (C2500-JS-L), Version 12.2(16), RELEASE SOFTWARE (fc3)
>
>I configured a simple reflexive ACL using telnet but it doesn't seem to be working.
>What am I missing?
>
>r1#telnet 10.0.0.2
>Trying 10.0.0.2 ...
>% Connection timed out; remote host not responding
>
>Here is R1 summary config
>
>ip reflexive-list timeout 240
>interface Ethernet0
> ip address 10.0.0.1 255.0.0.0
> ip access-group in1 in
> ip access-group out1 out
>
>ip access-list extended in1
> evaluate mytest
>
>ip access-list extended out1
> permit tcp any any reflect mytest timeout 120
>
>
>
>If I remove the ACL on R1-e0, I can telnet to R2
>
>interface Ethernet0
> ip address 10.0.0.1 255.0.0.0
>!
>
>r1#telnet 10.0.0.2
>Trying 10.0.0.2 ... Open
>
>
>User Access Verification
>
>Password:
>



This archive was generated by hypermail 2.1.4 : Sun Aug 01 2004 - 10:11:59 GMT-3
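
Added example, not part of the original thread: a small Python model of the two ACLs in the quoted config, showing why a session originated by R1 itself never populates `mytest` while a transit session does. It assumes the standard IOS behaviour that an outbound interface ACL is not applied to packets the router generates. The class and function names, source port 11000 and the 192.168.1.2 client address are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class R1Ethernet0:
    """Models 'ip access-group in1 in' and 'ip access-group out1 out' on R1 e0."""

    def __init__(self):
        self.mytest = set()  # temporary reflexive entries (mirrored 5-tuples)

    def send(self, pkt, locally_originated):
        """Outbound path. out1 = 'permit tcp any any reflect mytest'."""
        if locally_originated:
            # Assumption: router-generated packets bypass the outbound ACL,
            # so no reflexive entry is created for them.
            return True
        if pkt.proto == "tcp":
            # Reflect: install the mirror image of the flow into mytest.
            self.mytest.add(Packet("tcp", pkt.dst, pkt.dport, pkt.src, pkt.sport))
            return True
        return False  # implicit deny at the end of out1

    def receive(self, pkt):
        """Inbound path. in1 = 'evaluate mytest', then implicit deny."""
        return pkt in self.mytest


def telnet_works(client_ip, locally_originated):
    """Return True if the SYN leaves e0 and R2's SYN-ACK is let back in."""
    e0 = R1Ethernet0()
    syn = Packet("tcp", client_ip, 11000, "10.0.0.2", 23)
    syn_ack = Packet("tcp", "10.0.0.2", 23, client_ip, 11000)
    return e0.send(syn, locally_originated) and e0.receive(syn_ack)


if __name__ == "__main__":
    # Telnet typed on R1 itself (the failing case in the thread).
    print("from R1:", telnet_works("10.0.0.1", locally_originated=True))
    # Telnet from a constructed host behind R1, routed out through e0.
    print("from behind R1:", telnet_works("192.168.1.2", locally_originated=False))
```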