Reflexive ACL: Unable to ping local Ethernet

From: George Amen (george.amen@gmail.com)
Date: Sat Oct 22 2005 - 13:24:08 GMT-3


Topology:

  Internal Net                         external network
  R4 ---+
        +--- R3 e0 ---------+--------- e0 R6
  R5 ---+

Conditions:
- Allow all TCP, UDP, ICMP originated from Internal Net
- Allow all protocol configured (ospf, bgp)
- and also allow r3 to ping r6

R3 Configuration:
!
ip access-list extended in-reflect-1
 permit ospf any any
 permit tcp any eq bgp any
 permit tcp any any eq bgp
 permit icmp any any echo-reply
 evaluate help-reflect-1
!
ip access-list extended out-reflect-1
 permit tcp any any reflect help-reflect-1
 permit udp any any reflect help-reflect-1
 permit icmp any any reflect help-reflect-1
!
Rack135-R3#sh run int eth 0
!
interface Ethernet0
 ip address 1.1.46.3 255.255.255.0
 ip access-group in-reflect-1 in
 ip access-group out-reflect-1 out
!

After doing this config, every part of the network and every protocol is
happily doing what I wanted, except that "R3 cannot ping its own Ethernet
interface, i.e. itself".

I tried pinging from R4 and R5: works fine. All protocols are working
fine, and pings to IPs behind R6 (i.e. the external network) work, except
that R3 is not able to ping itself.

Any ideas why, and how to fix it without creating security holes?

thanks
- GA
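A small added model of the two ACLs from the post, not part of the original message or of IOS, which reproduces the symptom. It assumes the usual IOS behaviour that packets the router itself generates bypass the outbound ACL (so `reflect` never creates a mirrored entry for them) and that a ping to the router's own interface address is still checked by that interface's inbound ACL; the addresses for R4 and the host behind R6 are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Pkt:
    proto: str            # "ospf", "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0        # tcp/udp source port
    dport: int = 0        # tcp/udp destination port
    icmp: str = ""        # "echo" or "echo-reply" for icmp

class R3Ethernet0:
    """Model of in-reflect-1 (in) and out-reflect-1 (out) on R3's Ethernet0."""
    def __init__(self):
        self.help_reflect_1 = set()   # dynamic mirrored entries: (proto, src, dst)

    def out_reflect_1(self, p, router_originated=False):
        # Assumption: packets R3 itself generates bypass the outbound ACL,
        # so 'reflect' never fires for them and no mirrored entry is created.
        if router_originated:
            return True
        if p.proto in ("tcp", "udp", "icmp"):     # permit ... reflect help-reflect-1
            self.help_reflect_1.add((p.proto, p.dst, p.src))  # mirrored src/dst
            return True
        return False                               # implicit deny

    def in_reflect_1(self, p):
        if p.proto == "ospf":                                return True  # permit ospf any any
        if p.proto == "tcp" and 179 in (p.sport, p.dport):   return True  # bgp, either direction
        if p.proto == "icmp" and p.icmp == "echo-reply":     return True  # permit icmp echo-reply
        if (p.proto, p.src, p.dst) in self.help_reflect_1:   return True  # evaluate help-reflect-1
        return False                                         # implicit deny

def run_scenarios():
    r3, r6, ext = "1.1.46.3", "1.1.46.6", "10.9.9.9"   # ext: constructed host behind R6
    acl = R3Ethernet0()
    res = {}
    # 1. R4 (constructed 10.4.4.4) pings a host behind R6: mirrored entry, reply evaluated in
    acl.out_reflect_1(Pkt("icmp", "10.4.4.4", ext, icmp="echo"))
    res["r4_ping_external"] = acl.in_reflect_1(Pkt("icmp", ext, "10.4.4.4", icmp="echo-reply"))
    # 2. R3 pings R6: no mirrored entry, but the static echo-reply line admits the reply
    acl.out_reflect_1(Pkt("icmp", r3, r6, icmp="echo"), router_originated=True)
    res["r3_ping_r6"] = acl.in_reflect_1(Pkt("icmp", r6, r3, icmp="echo-reply"))
    # 3. R3 pings its own e0: the looped-back echo request meets the inbound ACL with no
    #    mirrored entry and is not an echo-reply, so it falls through to the implicit deny
    acl.out_reflect_1(Pkt("icmp", r3, r3, icmp="echo"), router_originated=True)
    res["r3_ping_self"] = acl.in_reflect_1(Pkt("icmp", r3, r3, icmp="echo"))
    return res
```

Running `run_scenarios()` shows the first two cases permitted and the self-ping denied, which is the behaviour described in the post.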



This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:52 GMT-3