From: Nawaz, Ajaz (Ajaz.Nawaz@bskyb.com)
Date: Wed Oct 26 2005 - 04:29:49 GMT-3
AFAIK RACLs will only be applied to the specified flow traversing through
the router. Locally generated traffic, i.e. sourced from the router itself, is
not subjected to the RACL. Given this, the issue must lie somewhere else.
It's been some days now since your post - did you find a fix?
Ajaz Nawaz
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
George Amen
Sent: 22 October 2005 17:24
To: Cisco certification
Subject: Reflexive ACL: Unable to ping local Ethernet
Topology:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
| R4 | |
| | | external network
| Internal Net r3-e0-----|----e0-r6
| | |
| R5 | |
----------------------------- --------------------
Conditions:
- Allow all TCP, UDP, ICMP originated from the Internal Net
- Allow all configured protocols (OSPF, BGP)
- and also allow R3 to ping R6
R3 Configuration:
!
! Inbound on Ethernet0: static permits for the routing protocols and for
! echo replies, then consult the reflexive list for return traffic of the
! sessions mirrored by out-reflect-1
ip access-list extended in-reflect-1
 permit ospf any any
 permit tcp any eq bgp any
 permit tcp any any eq bgp
 permit icmp any any echo-reply
 evaluate help-reflect-1
!
! Outbound on Ethernet0: permit TCP/UDP/ICMP and mirror each permitted
! flow into the temporary list help-reflect-1
ip access-list extended out-reflect-1
 permit tcp any any reflect help-reflect-1
 permit udp any any reflect help-reflect-1
 permit icmp any any reflect help-reflect-1
!
Rack135-R3#sh run int eth 0
!
interface Ethernet0
 ip address 1.1.46.3 255.255.255.0
 ip access-group in-reflect-1 in
 ip access-group out-reflect-1 out
!
After doing this config, every part of the network and every protocol is
happily doing what I wanted, except that "R3 cannot ping its Ethernet
interface, i.e. itself".
I tried pinging from R4 and R5, which works fine; all protocols are working
fine; pings to IPs behind R6, i.e. the external network, work; except that
R3 is not able to ping itself.
Any ideas why, and how to fix it without creating security holes?
Thanks
- GA
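To make the reflexive ACL semantics in the thread concrete, here is a small added model in Python of how R3's two lists admit or drop packets. It is an illustration written for this archive, not IOS code and not anything from the original posters: it implements first-match evaluation with an implicit deny, the `reflect` keyword creating a mirrored temporary entry, and `evaluate` consulting that entry; it omits timeouts and TCP state tracking. Following the reply above, locally generated traffic is modelled as not passing through the outbound ACL, so it creates no reflexive entry. R3's address 1.1.46.3 is from the post; the R6 and R4 addresses (1.1.46.6, 10.0.0.4) are constructed for the example.

```python
"""Simplified model of reflexive ACL evaluation (added illustration, not IOS)."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str                 # "tcp", "udp", "icmp" or "ospf"
    src: str
    dst: str
    sport: int = 0             # ports are 0 for non-TCP/UDP protocols
    dport: int = 0
    icmp_type: str = ""        # "echo" or "echo-reply" for ICMP


@dataclass
class Entry:
    action: str                        # "permit" or "deny"
    proto: str                         # protocol name, or "ip" for any
    src: Optional[str] = None          # None means "any"
    dst: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None
    icmp_type: Optional[str] = None
    reflect: Optional[str] = None      # reflexive list this entry populates
    evaluate: Optional[str] = None     # reflexive list this entry consults

    def matches(self, pkt: Packet) -> bool:
        return ((self.proto == "ip" or self.proto == pkt.proto)
                and self.src in (None, pkt.src)
                and self.dst in (None, pkt.dst)
                and self.sport in (None, pkt.sport)
                and self.dport in (None, pkt.dport)
                and self.icmp_type in (None, pkt.icmp_type))


ICMP_MIRROR = {"echo": "echo-reply", "echo-reply": "echo"}


def mirrored(pkt: Packet) -> Entry:
    """Temporary entry that 'reflect' creates for pkt's return traffic
    (addresses and ports swapped; ICMP type reversal is a simplification)."""
    return Entry("permit", pkt.proto, src=pkt.dst, dst=pkt.src,
                 sport=pkt.dport, dport=pkt.sport,
                 icmp_type=ICMP_MIRROR.get(pkt.icmp_type) if pkt.proto == "icmp" else None)


class Router:
    def __init__(self, acl_in, acl_out):
        self.acl_in, self.acl_out = acl_in, acl_out
        self.reflexive = {}    # list name -> temporary entries (no timeout modelled)

    def check(self, acl, pkt):
        """First-match evaluation with implicit deny; returns (action, reason)."""
        for n, e in enumerate(acl):
            if not e.matches(pkt):
                continue
            if e.evaluate:
                if any(t.matches(pkt) for t in self.reflexive.get(e.evaluate, [])):
                    return "permit", f"evaluate {e.evaluate}"
                continue       # no nested entry matched: fall through to next line
            if e.reflect and e.action == "permit":
                self.reflexive.setdefault(e.reflect, []).append(mirrored(pkt))
            return e.action, f"line {n + 1}"
        return "deny", "implicit deny"

    def forward_out(self, pkt):
        return self.check(self.acl_out, pkt)

    def receive_in(self, pkt):
        return self.check(self.acl_in, pkt)

    def send_local(self, pkt):
        # Locally generated traffic is not subject to the outbound ACL (per the
        # reply in the thread), so nothing is added to the reflexive list.
        return "permit", "locally generated, outbound ACL not consulted"


def r3() -> Router:
    """R3's in-reflect-1 / out-reflect-1 from the post, transcribed into this model."""
    acl_in = [
        Entry("permit", "ospf"),
        Entry("permit", "tcp", sport=179),
        Entry("permit", "tcp", dport=179),
        Entry("permit", "icmp", icmp_type="echo-reply"),
        Entry("permit", "ip", evaluate="help-reflect-1"),
    ]
    acl_out = [Entry("permit", p, reflect="help-reflect-1") for p in ("tcp", "udp", "icmp")]
    return Router(acl_in, acl_out)


R3, R6, R4 = "1.1.46.3", "1.1.46.6", "10.0.0.4"   # R6 and R4 addresses are constructed


def scenarios() -> dict:
    r = r3()
    out = {}
    # 1. R4's DNS query traverses R3 outbound; the reply is let back in by 'evaluate'.
    out["r4_dns_out"] = r.forward_out(Packet("udp", R4, R6, 40000, 53))
    out["r4_dns_reply"] = r.receive_in(Packet("udp", R6, R4, 53, 40000))
    # 2. Unsolicited inbound UDP has no matching temporary entry: implicit deny.
    out["unsolicited_udp"] = r.receive_in(Packet("udp", R6, R4, 53, 40001))
    # 3. R3 pings R6. The echo never touches the outbound ACL, so the reply is
    #    admitted only by the static echo-reply line, not by 'evaluate'.
    r.send_local(Packet("icmp", R3, R6, icmp_type="echo"))
    out["r3_ping_r6_reply"] = r.receive_in(Packet("icmp", R6, R3, icmp_type="echo-reply"))
    out["reflexive_entries"] = len(r.reflexive["help-reflect-1"])
    # 4. An inbound BGP session to R3 is permitted by the static port-179 line.
    out["bgp_in"] = r.receive_in(Packet("tcp", R6, R3, 30000, 179))
    # 5. An inbound echo request from R6 matches nothing and is dropped.
    out["unsolicited_echo"] = r.receive_in(Packet("icmp", R6, R3, icmp_type="echo"))
    return out


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:20} {result}")
```

Scenario 3 is the reason the static `permit icmp any any echo-reply` line is needed for condition 3 in the post: without it, R3's own pings to R6 would have no reflexive entry to be evaluated against. The same line also admits echo replies to any internal host regardless of whether a request was sent, which is the trade-off this design accepts.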
This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:54 GMT-3