From: Jongsoo.Kim@Intelsat.com
Date: Tue Jul 20 2004 - 21:34:22 GMT-3
Yes it works from behind R1.
Thanks !!!
Jongsoo
-----Original Message-----
From: Gerry Hilton [mailto:gerry.hilton@rogers.com]
Sent: Tuesday, 20 July, 2004 7:19 PM
To: Kim, Jongsoo
Cc: ccielab@groupstudy.com
Subject: Re: reflexive ACL question
Hi. I believe that the problem is that traffic that the router
originates will not get evaluated. Try your telnet from a router behind R1.
Gerry
jongsoo.kim@intelsat.com wrote:
>I set up a simple lab
>
>R1 e0 .1 -----10.0.0.0/8 ----- .2 R2
>
>R1 IOS is : IOS (tm) 2500 Software (C2500-JS-L), Version 12.2(16), RELEASE SOFTWARE (fc3)
>
>I configured a simple reflexive ACL using telnet but it doesn't seem to be working.
>What am I missing?
>
>r1#telnet 10.0.0.2
>Trying 10.0.0.2 ...
>% Connection timed out; remote host not responding
>
>Here is R1 summary config
>
>ip reflexive-list timeout 240
>interface Ethernet0
> ip address 10.0.0.1 255.0.0.0
> ip access-group in1 in
> ip access-group out1 out
>
>ip access-list extended in1
> evaluate mytest
>
>ip access-list extended out1
> permit tcp any any reflect mytest timeout 120
>
>
>
>If I remove ACL in R1-e0, I can Telnet R2
>
>interface Ethernet0
> ip address 10.0.0.1 255.0.0.0
>!
>
>r1#telnet 10.0.0.2
>Trying 10.0.0.2 ... Open
>
>
>User Access Verification
>
>Password:
>
This archive was generated by hypermail 2.1.4 : Sun Aug 01 2004 - 10:11:59 GMT-3
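
Added example, not part of the original thread and not IOS code: a toy Python model of the R1 Ethernet0 configuration quoted above, showing why the SYN-ACK from R2 hits the implicit deny in `in1` when the telnet is started on R1 itself but is permitted when it comes from a host behind R1. The `Pkt` and `Ethernet0` names, the source port and the address 192.168.1.10 are constructed for illustration; the rule that router-originated traffic skips the outbound ACL is taken from Gerry's reply, and reflexive entry timeouts are not modeled.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class Ethernet0:
    """Toy model of R1 e0 with 'ip access-group out1 out' and 'in1 in'."""

    def __init__(self):
        self.mytest = set()  # temporary entries of reflexive list 'mytest'

    def egress(self, pkt, router_originated):
        # Per the reply in the thread: traffic the router originates is
        # not evaluated by the outbound ACL, so nothing gets reflected.
        if router_originated:
            return True
        # out1: permit tcp any any reflect mytest
        if pkt.proto == "tcp":
            # The reflected entry is the mirror image of the outbound flow.
            self.mytest.add(Pkt("tcp", pkt.dst, pkt.dport, pkt.src, pkt.sport))
            return True
        return False  # implicit deny at the end of out1

    def ingress(self, pkt):
        # in1: evaluate mytest, followed by the implicit deny
        return pkt in self.mytest


def telnet_succeeds(client_ip, router_originated):
    """Return True if the SYN leaves e0 and the SYN-ACK is let back in."""
    e0 = Ethernet0()
    sport = 11000  # constructed ephemeral source port
    syn = Pkt("tcp", client_ip, sport, "10.0.0.2", 23)
    if not e0.egress(syn, router_originated):
        return False
    syn_ack = Pkt("tcp", "10.0.0.2", 23, client_ip, sport)
    return e0.ingress(syn_ack)


if __name__ == "__main__":
    print("telnet from R1 itself:     ", telnet_succeeds("10.0.0.1", True))
    print("telnet from host behind R1:", telnet_succeeds("192.168.1.10", False))
```
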