Re: Reflexive Access-List

From: Hash Aminu (hashng@gmail.com)
Date: Wed Aug 16 2006 - 03:53:34 ART


Udo,

With the assumption that the routing protocol is EIGRP, here is a sample
config:

ip access-list extended INBOUND
 permit eigrp any any
 permit tcp any eq bgp any
 permit tcp any any eq bgp
 permit icmp any any
 evaluate CCIE

ip access-list extended OUTBOUND
 permit eigrp any any
 permit tcp any eq bgp any
 permit tcp any any eq bgp
 permit icmp any any
 permit tcp any any reflect CCIE
 permit udp any any reflect CCIE
!

My network has BGP running, therefore I allowed BGP too.
For the loopback or r2 to telnet to r1 you have to think through that the
right way is to permit the loopback of the remote router to your router,
since that will be what will authenticate you.
If I were you, I would add this to my inbound ACL:

 permit tcp host 2.2.1.1 eq telnet host 2.2.2.2

Lastly you apply to the interface.
HTH

Hash
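
Added example, not part of the original post: a small Python model of the INBOUND/OUTBOUND pair above, showing why return traffic for transit sessions is admitted by "evaluate CCIE" while a telnet session sourced from the router itself still needs the static line. It assumes router-originated packets are not evaluated by the outbound ACL (so nothing is reflected for them), reads 2.2.2.2 as the local router and 2.2.1.1 as the remote loopback, and ignores entry timeouts; the 10.0.0.5 and 192.0.2.9 hosts and all port numbers are constructed.

```python
# Simplified model of the ACL pair from the post (added example, not IOS code).
# Packets are constructed tuples: (proto, src_ip, src_port, dst_ip, dst_port).
BGP, TELNET = 179, 23

class ReflexiveAcl:
    def __init__(self):
        self.reflected = set()  # temporary entries of the reflexive list "CCIE"

    def static_permit(self, pkt):
        # Entries common to both lists: EIGRP, BGP in either direction, ICMP.
        proto, _, sport, _, dport = pkt
        return proto in ("eigrp", "icmp") or (proto == "tcp" and BGP in (sport, dport))

    def outbound(self, pkt, from_router=False):
        # Assumption: router-originated packets bypass the outbound ACL,
        # so they never create a reflected entry.
        if from_router or self.static_permit(pkt):
            return True
        proto, src, sport, dst, dport = pkt
        if proto in ("tcp", "udp"):  # permit tcp/udp any any reflect CCIE
            self.reflected.add((proto, dst, dport, src, sport))  # mirrored tuple
            return True
        return False  # implicit deny

    def inbound(self, pkt, extra=()):
        # extra: added static entries as (proto, src_ip, src_port, dst_ip),
        # matching any destination port, like the telnet line in the post.
        return (self.static_permit(pkt) or pkt[:4] in extra
                or pkt in self.reflected)  # last term models "evaluate CCIE"

def demo():
    acl = ReflexiveAcl()
    acl.outbound(("tcp", "10.0.0.5", 40000, "192.0.2.9", 80))  # transit session
    acl.outbound(("tcp", "2.2.2.2", 11000, "2.2.1.1", TELNET), from_router=True)
    rtr_back = ("tcp", "2.2.1.1", TELNET, "2.2.2.2", 11000)
    telnet_line = [("tcp", "2.2.1.1", TELNET, "2.2.2.2")]
    return {
        "transit_return": acl.inbound(("tcp", "192.0.2.9", 80, "10.0.0.5", 40000)),
        "unsolicited": acl.inbound(("tcp", "192.0.2.9", 80, "10.0.0.5", 40001)),
        "router_telnet_return": acl.inbound(rtr_back),
        "router_telnet_with_line": acl.inbound(rtr_back, telnet_line),
    }

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'permit' if allowed else 'deny'}")
```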


