Re: Reflexive ACL

From: John T M (john_t_mathai@hotmail.com)
Date: Sat Feb 12 2005 - 07:13:47 GMT-3

• Next message: simon hart: "RE: Reflexive ACL"
• Previous message: k c: "Re: BGP Confederation"
• Maybe in reply to: John T M: "Reflexive ACL"
• Next in thread: simon hart: "RE: Reflexive ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thats true, I was sourcing the telnet from the router. Brian mentioned in
his mail to try after configuring local policy routing and presto it worked.
I have learnt a lesson or two:
The outbound ACL does not effect the local packets, even the routing
protocol packets ( I didn't notice this earlier )

Thanks Dave.

Regds/John
----- Original Message -----
From: "DW" <kapsi1911@hotmail.com>
To: "'John T M'" <john_t_mathai@hotmail.com>; "'Group Study'"
<ccielab@groupstudy.com>
Sent: Saturday, February 12, 2005 10:38 AM
Subject: RE: Reflexive ACL

> Are you originating your telnet session from R3? If so, I'm wondering if
> your outgoing traffic ever triggers your RACL in the outbound direction.
> My thought is similar to how regular outbound ACLs don't apply to
> traffic that is originated on the same router that they are applied to.
> Try to telnet from a device behind R3 if you have not already.
>
> DAve
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> John T M
> Sent: Friday, February 11, 2005 11:19 PM
> To: Group Study
> Subject: Reflexive ACL
>
> I was trying the reflexive acl, I am perturbed that it is not working. I
> am
> I missing something here ?? Here is the config at the routers , I
> tried..
>
> R3 (S0) -------- --------------------------------(S0) R1
>
> R3 Config
> interface Serial0
> ip address 172.16.0.6 255.255.255.252
> ip access-group INCOME in
> ip access-group OUTGO out
> !
> interface Loopback0
> ip address 10.0.103.1
> !
> ip access-list extended INCOME
> permit icmp any any echo-reply
> permit udp any any eq rip
> evaluate ALLOW
> ip access-list extended OUTGO
> permit tcp any any reflect ALLOW
> !
>
>
> I tried without the ACL and I can telnet into R1, but once I put the ACL
> it
> doesn't work.
>
> Regds/John
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: simon hart: "RE: Reflexive ACL"
• Previous message: k c: "Re: BGP Confederation"
• Maybe in reply to: John T M: "Reflexive ACL"
• Next in thread: simon hart: "RE: Reflexive ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Mar 03 2005 - 08:51:20 GMT-3