From: Ivan (ivan@iip.net)
Date: Fri Sep 15 2006 - 06:03:37 ART
You can trick the router into reflecting locally originated traffic by using
local policy routing. In the route-map statement, send the "interesting" traffic
out to any Loopback interface.
On Friday 15 September 2006 04:09, Joe Clyde wrote:
> I've set up a reflexive ACL on my router and it appears to be
> working for anything going out the trusted interface unless it is
> sourced from the router itself.
> R1---->R2----->R4
>
> Both the ACLs are on the interface pointing towards R4. I can telnet
> or ping to R4 from R1 and that traffic shows up under the reflected ACL
> like it should; R4 cannot telnet or ping back...again like it should.
> However, when I source a ping or telnet from the loopback, or any other
> interface on R2, to R4, I can't get through. I remember something about
> how ACLs filter traffic that comes through the ports but not traffic sourced
> from them...or something like that. Any help on what I'm missing would be
> appreciated. Or, stated another way, how can I apply a reflexive ACL
> that will permit locally sourced addresses?
>
> R2 config
>
> interface Serial0/0.24 point-to-point
> description to-->r4
> ip address 192.168.24.2 255.255.255.248
> ip access-group notsafe in
> ip access-group safe out
> frame-relay interface-dlci 204
>
> ip access-list extended notsafe
> permit ospf any any
> evaluate me
> ip access-list extended safe
> permit ip any any reflect me
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
-- Ivan
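A worked version of the local policy routing trick Ivan describes, added here as an example (it is not Ivan's or Joe's configuration). It builds on the R2 config quoted above and assumes R2 has a Loopback0; the route-map name LOCALPBR, access-list 110 and the R4 address 192.168.24.4 used in the verification commands are illustrative assumptions. The idea is that an outbound interface ACL on IOS is not applied to packets the router itself generates, so the reflexive "reflect me" entry never sees them; policy-routing those packets out a loopback makes the router forward them a second time as if they had arrived on Loopback0, and on that pass the outbound ACL "safe" on Serial0/0.24 (with its reflect entry) is evaluated like it is for R1's transit traffic.

```cisco
! Added example, not part of the original post. Assumes Loopback0 exists
! and the interface / "safe" / "notsafe" config quoted above is in place.
! Names: route-map LOCALPBR and access-list 110 are assumptions.
!
! 1. Match only router-originated traffic headed for the R4 side.
!    OSPF is excluded so routing-protocol packets are never policy-routed
!    (they are already permitted inbound by "notsafe"). Widen the
!    destination range if R4 has networks beyond the directly connected
!    192.168.24.0/29 that R2 should reach through the reflexive ACL.
access-list 110 deny   ospf any any
access-list 110 permit ip any 192.168.24.0 0.0.0.7
!
! 2. Policy-route the matched packets out Loopback0. They are looped back
!    and forwarded again as if received on Loopback0, i.e. as transit
!    traffic, so the outbound ACL "safe" on Serial0/0.24 now processes
!    them and "permit ip any any reflect me" creates the reflected entry.
route-map LOCALPBR permit 10
 match ip address 110
 set interface Loopback0
!
! 3. Apply the route-map to locally generated traffic only. Transit
!    traffic from R1 is unaffected; it already hits the outbound ACL.
ip local policy route-map LOCALPBR
!
! Verification (192.168.24.4 for R4 is an assumed address):
!   ping 192.168.24.4 source Loopback0
!   show ip access-lists me        ! reflected entry for the echo should appear
!   show route-map LOCALPBR        ! policy-routing counters should increment
```

Two caveats worth checking on the lab box: the match ACL must not be a bare "permit ip any any", or every router-generated packet (including OSPF hellos on the untrusted interface) gets a detour through the loopback; and the "notsafe" inbound ACL still only admits return traffic for the reflected entries plus OSPF, so anything R2 originates that is not matched by access-list 110 will keep failing exactly as Joe observed.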
This archive was generated by hypermail 2.1.4 : Sun Oct 01 2006 - 16:55:40 ART