From: Bajo (bajoalex@gmail.com)
Date: Fri Sep 15 2006 - 05:59:12 ART
try "ip local-proxy-arp" on R2...
On 9/14/06, Joe Clyde <jclyde@uen.org> wrote:
>
> I've set up a reflexive acl on my router and it appears to be
> working for anything going out the trusted interface unless it is
> sourced from the router itself.
> R1---->R2----->R4
>
> Both the acls are on the interface pointing towards R4. I can telnet
> or ping to R4 from R1 and that traffic shows up under the reflected acl
> like it should, R4 can not telnet or ping back...again like it should.
> However when I source a ping or telnet from the loopback, or any other
> interface on R2 to R4, I can't get through. I remember something about
> how ACLs filter traffic that comes through the ports but not sourced from
> them...or something like that. Any help on what I'm missing would be
> appreciated. Or stated another way, how can I apply a reflexive acl
> that will permit locally sourced address?
>
> R2 config
>
> interface Serial0/0.24 point-to-point
>  description to-->r4
>  ip address 192.168.24.2 255.255.255.248
>  ip access-group notsafe in
>  ip access-group safe out
>  frame-relay interface-dlci 204
>
> ip access-list extended notsafe
>  permit ospf any any
>  evaluate me
> ip access-list extended safe
>  permit ip any any reflect me
>
--
Kind Regards,
Bajo
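
The behaviour described in the question, as an added example that is not part of the original thread: a small Python model of the two ACLs on Serial0/0.24 and the reflexive list "me". It assumes IOS does not apply an outbound ACL to packets the router itself originates; all addresses and port numbers are constructed, with R4 placed in the 192.168.24.0/29 subnet from the config.

```python
# Toy model of R2's Serial0/0.24 ACLs (illustration only, not IOS code).
# Assumption: router-originated packets skip the outbound ACL, so the
# "reflect me" statement never records them.

class ReflexiveInterface:
    def __init__(self):
        self.me = set()  # temporary entries of reflexive list "me"

    def send(self, proto, src, dst, sport=0, dport=0, local=False):
        """Outbound path. ACL 'safe': permit ip any any reflect me."""
        if not local:
            # Transit packet is matched by 'safe': store the mirrored flow.
            self.me.add((proto, dst, src, dport, sport))
        return True  # the packet leaves the interface in both cases

    def receive(self, proto, src, dst, sport=0, dport=0):
        """Inbound path. ACL 'notsafe': permit ospf any any / evaluate me."""
        if proto == "ospf":
            return True
        if (proto, src, dst, sport, dport) in self.me:
            return True
        return False  # implicit deny at the end of 'notsafe'


def demo():
    # Constructed sample addresses for R1, R2's loopback and R4.
    r1, r2_lo, r4 = "10.0.12.1", "10.0.0.2", "192.168.24.4"
    intf = ReflexiveInterface()
    results = {}

    # Telnet R1 -> R4 transits R2, so the reply matches an entry in "me".
    intf.send("tcp", r1, r4, 40000, 23)
    results["reply_to_transit"] = intf.receive("tcp", r4, r1, 23, 40000)

    # R4 opens a new session towards R1: nothing in "me" matches.
    results["unsolicited_from_r4"] = intf.receive("tcp", r4, r1, 40001, 23)

    # Telnet sourced from R2's loopback: no entry is created on the way out,
    # so R4's reply falls through to the implicit deny.
    intf.send("tcp", r2_lo, r4, 40002, 23, local=True)
    results["reply_to_local"] = intf.receive("tcp", r4, r2_lo, 23, 40002)

    # OSPF is permitted statically, independent of "me".
    results["ospf_hello"] = intf.receive("ospf", r4, "224.0.0.5")
    return results


if __name__ == "__main__":
    for name, permitted in demo().items():
        print(f"{name}: {'permit' if permitted else 'deny'}")
```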