Re: Configuring IP Session Filtering (Reflexive Access Lists)

From: Imal kalutotage (imal.kalutotage@gmail.com)
Date: Fri Nov 18 2005 - 16:17:57 GMT-3

• Next message: David Hoon: "OT: MPLS VPN PE-CE encapsulation"
• Previous message: Anthony Sequeira: "Annoyance RE DOC-CD in RTP"
• Maybe in reply to: Victor Cappuccio: "Configuring IP Session Filtering (Reflexive Access Lists)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Victor if u donot have it, you can permit
tcp any any eq 179
tcp any eq 179 any

where 179 is the BGP port..
May be you already know this..

Cheers
Iml

On 11/18/05, Victor Cappuccio <cvictor@protokolgroup.com> wrote:
>
> Hello All..
>
> In Link
>
>
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecu
> r_c/ftrafwl/scfreflx.htm
>
> Show a Internal Interface Configuration Example that permits BGP to be
> passed
> without been checked by the evaluate tcptraffic
>
> *********************
> Internal Interface Configuration Example
> interface Ethernet 0
>
> description Access from the I-net to our Internal Network via this
> interface
> ip access-group inboundfilters in
> ip access-group outboundfilters out
> !
> ip reflexive-list timeout 120
> !
> ip access-list extended outboundfilters
> permit bgp any any
> permit eigrp any any
> deny icmp any any
> evaluate tcptraffic
> !
> ip access-list extended inboundfilters
> permit tcp any any reflect tcptraffic
>
> ***********************************
>
> I do not know if it's a Typo but my router does not have BGP in the permit
> options!!!
>
> Router(config-ext-nacl)#permit ?
> <0-255> An IP protocol number
> ahp Authentication Header Protocol
> eigrp Cisco's EIGRP routing protocol
> esp Encapsulation Security Payload
> gre Cisco's GRE tunneling
> icmp Internet Control Message Protocol
> igmp Internet Gateway Message Protocol
> ip Any Internet Protocol
> ipinip IP in IP tunneling
> nos KA9Q NOS compatible IP over IP tunneling
> ospf OSPF routing protocol
> pcp Payload Compression Protocol
> pim Protocol Independent Multicast
> tcp Transmission Control Protocol
> udp User Datagram Protocol
>
> My IOS Version is 12.2(15)T16
>
> I think that if you like to permit bgp then this command should be used
> permit tcp any eq bgp any
> permit tcp any any eq bgp
>
> Any Suggestion
> Thanks
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: David Hoon: "OT: MPLS VPN PE-CE encapsulation"
• Previous message: Anthony Sequeira: "Annoyance RE DOC-CD in RTP"
• Maybe in reply to: Victor Cappuccio: "Configuring IP Session Filtering (Reflexive Access Lists)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:07 GMT-3