From: Kian Wah Lai (kian_wah@qala.com.sg)
Date: Sat Nov 06 2004 - 00:57:03 GMT-3
Traffic generated by the router is not affected by the ACL and thus, it
is not being reflected. In order to solve it, explicitly permit the
traffic or use a route-map to policy route all traffic to another interface.
Kian Wah
3 routers and one PIX rental at SGD2/hr
http://rack.sgcug.org/
METOO CCIE wrote:
> Hi gurus,
>
> I have the following Reflexive Access-list. It works fine. It
> installs temporary ACL entries when there is traffic coming from
> some other router and going out of Eth 0/0 of this router.
>
> However, when the traffic is generated by this router (on which
> the ACL is configured), the reverse temporary entry is not created.
> Can someone please tell me how to have traffic from this router also
> install temp ACL entry. I have bgp, ospf & glbp working on this router
> and the solution should not break those. Thanks in advance.
>
> !
> interface Ethernet0/0
>  ip access-group inboundfilters in
>  ip access-group outboundfilters out
> !
> ip access-list extended inboundfilters
>  permit tcp any any eq bgp
>  evaluate tcptraffic
>  evaluate udptraffic
>  evaluate icmptraffic
>  deny ip any any
> !
> ip access-list extended outboundfilters
>  permit tcp any any reflect tcptraffic
>  permit udp any any reflect udptraffic
>  permit icmp any any reflect icmptraffic
>  permit ip any any
> !
>
> Thanks
> -bobby
>
This archive was generated by hypermail 2.1.4 : Thu Dec 02 2004 - 06:57:39 GMT-3
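The behaviour described in the reply, as a small Python model added here for illustration (it is not code from the thread and not IOS itself): router-originated packets skip the outbound ACL, so `reflect` creates no temporary entry and the return traffic hits `deny ip any any`. The class, the addresses and the extra inbound rule (modelling an explicit `permit tcp any eq bgp any`) are assumptions.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "proto src sport dst dport")
BGP = 179

def reply(p):
    """Return packet of a flow: source and destination swapped."""
    return Pkt(p.proto, p.dst, p.dport, p.src, p.sport)

class Eth0:
    """Ethernet0/0 with 'outboundfilters' (reflect) and 'inboundfilters' (evaluate)."""
    def __init__(self, extra_inbound=()):
        self.reflected = set()              # temporary entries created by 'reflect'
        self.extra_inbound = extra_inbound  # hypothetical explicit permits before the deny

    def send(self, pkt, local=False):
        # Packets the router itself originates are not checked by the outbound
        # ACL, so 'reflect' never sees them and nothing is installed.
        if not local and pkt.proto in ("tcp", "udp", "icmp"):
            self.reflected.add(reply(pkt))
        return True                         # 'permit ip any any' lets everything out

    def receive(self, pkt):
        if pkt.proto == "tcp" and pkt.dport == BGP:   # permit tcp any any eq bgp
            return True
        if pkt in self.reflected:                     # evaluate tcp/udp/icmptraffic
            return True
        if any(rule(pkt) for rule in self.extra_inbound):
            return True
        return False                                  # deny ip any any

def demo():
    # Constructed sample addresses and ports.
    router, peer, host = "10.0.0.1", "10.0.0.2", "192.168.1.10"
    transit = Pkt("tcp", host, 40000, peer, 80)         # forwarded through the router
    local_bgp = Pkt("tcp", router, 40001, peer, BGP)    # session opened by the router
    acl = Eth0()
    acl.send(transit)
    acl.send(local_bgp, local=True)
    # Same interface with an explicit permit for replies sourced from TCP/179.
    fixed = Eth0(extra_inbound=[lambda p: p.proto == "tcp" and p.sport == BGP])
    fixed.send(local_bgp, local=True)
    return {
        "transit_reply": acl.receive(reply(transit)),
        "local_reply": acl.receive(reply(local_bgp)),
        "local_reply_fixed": fixed.receive(reply(local_bgp)),
    }

if __name__ == "__main__":
    print(demo())
```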