From: Hoyle, Anthony (AL) (ALHoyle@dow.com)
Date: Sat Nov 06 2004 - 17:10:47 GMT-3
I think you might have to create a route-map and set the next hop to the loopback interface
for all of the traffic (you are evaluating) to temporarily open up
access. I know this sounds jumbled, but it's something like that...
Anthony Hoyle, CCIE #13948
EDS
Infrastructure Specialist
Anthony.hoyleEds.com
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of METOO CCIE
Sent: Friday, November 05, 2004 7:44 PM
To: ccielab@groupstudy.com
Subject: Reflexive ACL and traffic generated by the router
Hi gurus,
I have the following Reflexive Access-list. It works fine. It installs
temporary ACL entries when there is traffic coming from some other router
and going out of Eth 0/0 of this router.
However, when the traffic is generated by this router (on which the ACL
is configured), the reverse temporary entry is not created. Can someone
please tell me how to have traffic from this router also install temp ACL
entry. I have bgp, ospf & glbp working on this router and the solution
should not break those. Thanks in advance.
!
interface Ethernet0/0
 ip access-group inboundfilters in
 ip access-group outboundfilters out
!
ip access-list extended inboundfilters
 permit tcp any any eq bgp
 evaluate tcptraffic
 evaluate udptraffic
 evaluate icmptraffic
 deny ip any any
!
ip access-list extended outboundfilters
 permit tcp any any reflect tcptraffic
 permit udp any any reflect udptraffic
 permit icmp any any reflect icmptraffic
 permit ip any any
!
Thanks
-bobby
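
One way to read the route-map suggestion in the reply above, as an added example that is not from either poster: local policy routing sends router-originated packets through a loopback so that they are forwarded again as transit traffic and pass through outboundfilters on Ethernet0/0, where the reflect entries are created. Loopback0, its address (documentation range) and the names LOCAL-REFLECT and LOCAL-TO-LOOP are assumptions; multicast and BGP are excluded so that OSPF, GLBP and the existing BGP sessions stay on the normal forwarding path.

```ios
! Added example; Loopback0, its address and the LOCAL-* names are assumptions.
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
!
ip access-list extended LOCAL-REFLECT
 remark leave multicast (OSPF/GLBP hellos) on the normal path
 deny   ip any 224.0.0.0 15.255.255.255
 remark leave BGP sessions handled as they are today
 deny   tcp any any eq bgp
 deny   tcp any eq bgp any
 remark router-originated traffic that should create reflexive entries
 permit tcp any any
 permit udp any any
 permit icmp any any
!
route-map LOCAL-TO-LOOP permit 10
 match ip address LOCAL-REFLECT
 set interface Loopback0
!
! Applies only to packets generated by the router itself, not transit traffic
ip local policy route-map LOCAL-TO-LOOP
!
! Verify: originate traffic from the router, then look for dynamic entries
! show ip local policy
! show ip access-lists tcptraffic
```

Packets denied by LOCAL-REFLECT are not dropped; they simply skip the route-map and follow the routing table as before.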