From: mani poopal (mani_ccie@yahoo.com)
Date: Thu Oct 06 2005 - 12:51:13 GMT-3
Hi
I think there is something wrong in the config. Always reflect (put a seal on) outbound traffic (which should be permitted) and evaluate the same (reflected) traffic in the inbound direction. In your config you are reflecting inbound (in_filters), and it could be wrong. In the inbound direction, permit whatever interesting traffic (ping, OSPF, BGP, etc.) and finally give the evaluate XXXX command. In the outbound access-list you can define the traffic to be reflected; any traffic defined without the reflect keyword cannot come back. Hope this helps.
Mani
dusth@comcast.net wrote:
Hi all, I'm reading the Cisco Press CCIE Routing and Switching Practice Labs by Martin Duggan and Maurilio Gorito. Lab 5 says to allow BGP and any other traffic, and here is the config in the book:
ip access-list extended in_filters
 permit tcp any any reflect TCP_Traffic
ip access-list extended out_filters
 permit tcp any any eq bgp
 permit pim any any
 permit icmp any any
interface atm3/0
 ip access-group in_filters in
 ip access-group out_filters out
I just wonder why the in access-list only reflects TCP traffic but not others. Is other traffic implicitly denied? Or is other traffic just not reflected?
Thanks for any explanation.
dustin
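The layout described in the reply above, written out as an added example (not from the book, the lab solution, or either poster). It assumes atm3/0 faces the outside network and that TCP sessions are opened from the inside; the ACL and reflexive list names are reused from the thread, and the second BGP line is an added assumption explained in its comment.

```cisco
! Added example. Assumption: atm3/0 is the outside-facing interface.
ip access-list extended out_filters
 ! Outbound transit TCP is permitted and each session is recorded
 ! as a temporary entry in the reflexive list TCP_Traffic.
 permit tcp any any reflect TCP_Traffic
 ! Permitted outbound without "reflect": no temporary return entry is
 ! created, so replies must match an explicit inbound permit.
 permit icmp any any
 permit pim any any
!
ip access-list extended in_filters
 ! Traffic that must be accepted without a prior outbound session.
 permit tcp any any eq bgp
 ! Assumption: the router may also open the BGP session itself. Packets
 ! the router originates are not checked by the outbound ACL, so they
 ! create no reflexive entry and the replies (source port 179) need
 ! their own permit.
 permit tcp any eq bgp any
 permit pim any any
 permit icmp any any
 ! Return traffic for the sessions recorded by the reflect statement.
 evaluate TCP_Traffic
 ! Everything else falls through to the implicit deny.
!
interface ATM3/0
 ip access-group in_filters in
 ip access-group out_filters out
```

The temporary entries can be inspected with show ip access-lists, where TCP_Traffic appears as a reflexive list once an outbound session has matched the reflect statement.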
This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:49 GMT-3