Re: Reflexive Access-List

From: Udo Konstantin (ccie_groupstudy@yahoo.de)
Date: Wed Aug 16 2006 - 07:37:27 ART


Thanks Hash...

that is what I want to know.

> Udo ,
>
>
> with the assumption that the routing protocol is EIGRP here is a sample
> config
> ip access-list extended INBOUND
> permit eigrp any any
> permit tcp any eq bgp any
> permit tcp any any eq bgp
> permit icmp any any
> evaluate CCIE
>
> ip access-list extended OUTBOUND
> permit eigrp any any
> permit tcp any eq bgp any
> permit tcp any any eq bgp
> permit icmp any any
> permit tcp any any reflect CCIE
> permit udp any any reflect CCIE
> !
>
>
>
> my network has BGP running, therefore I allowed BGP too.
> for the loopback of r2 to telnet to r1 you have to think through that the
> right way is to permit the loopback of the remote router to your router,
> since that will be what will authenticate you.
> if I were you, I will add this to my inbound ACL
>
>
> permit tcp host 2.2.1.1 eq telnet host 2.2.2.2
>
>>what about
>> permit tcp host 2.2.1.1 eq telnet host 2.2.2.2 established

> lastly you apply to the interface.
> HTH
>
> Hash
>
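
Added example, not part of the original thread: a small Python model of the OUTBOUND/INBOUND pair quoted above, showing why the router's own telnet session needs a static return entry and how the `established` variant asked about differs from the plain line. Assumptions: 2.2.2.2 is the local router's loopback, the 10.1.1.10 and 192.0.2.x hosts and the high port numbers are constructed, and reflexive-entry timeouts are not modelled.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "proto src sport dst dport flags")  # flags: set of TCP flags

def static_permit(p):
    # permit eigrp / icmp / tcp eq bgp lines present in both ACLs
    return p.proto in ("eigrp", "icmp") or (p.proto == "tcp" and 179 in (p.sport, p.dport))

def outbound(p, table, router_originated=False):
    # Router-generated packets bypass the outbound ACL: no reflexive entry is made.
    if router_originated or static_permit(p):
        return True
    if p.proto in ("tcp", "udp"):  # permit tcp|udp any any reflect CCIE
        table.add((p.proto, p.dst, p.dport, p.src, p.sport))  # mirrored flow
        return True
    return False  # implicit deny

def inbound(p, table, extra=None):
    # static permits, optional extra line, then "evaluate CCIE"
    if static_permit(p) or (extra is not None and extra(p)):
        return True
    return (p.proto, p.src, p.sport, p.dst, p.dport) in table

def telnet_line(p, established=False):
    # permit tcp host 2.2.1.1 eq telnet host 2.2.2.2 [established]
    hit = (p.proto, p.src, p.sport, p.dst) == ("tcp", "2.2.1.1", 23, "2.2.2.2")
    # "established" is a stateless test for ACK or RST, not session tracking
    return hit and (not established or bool(p.flags & {"ACK", "RST"}))

def demo():
    t = set()
    est = lambda p: telnet_line(p, established=True)
    outbound(Pkt("tcp", "10.1.1.10", 40000, "192.0.2.5", 80, {"SYN"}), t)  # transit host
    outbound(Pkt("tcp", "2.2.2.2", 11000, "2.2.1.1", 23, {"SYN"}), t, router_originated=True)
    reply = Pkt("tcp", "2.2.1.1", 23, "2.2.2.2", 11000, {"SYN", "ACK"})
    syn = Pkt("tcp", "2.2.1.1", 23, "2.2.2.2", 23, {"SYN"})  # new connection, not a reply
    return {
        "transit_reply": inbound(Pkt("tcp", "192.0.2.5", 80, "10.1.1.10", 40000, {"SYN", "ACK"}), t),
        "unsolicited": inbound(Pkt("tcp", "192.0.2.9", 80, "10.1.1.10", 40000, {"ACK"}), t),
        "router_reply_reflexive_only": inbound(reply, t),
        "router_reply_plain_line": inbound(reply, t, telnet_line),
        "router_reply_established": inbound(reply, t, est),
        "syn_plain_line": inbound(syn, t, telnet_line),
        "syn_established": inbound(syn, t, est),
    }

if __name__ == "__main__":
    for name, permitted in demo().items():
        print(f"{name:30} {'permit' if permitted else 'deny'}")
```
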

                



This archive was generated by hypermail 2.1.4 : Fri Sep 01 2006 - 15:41:57 ART