Re: Reflexive access-list

From: Shamin (ccie.xpert@gmail.com)
Date: Sat Jun 02 2007 - 13:16:43 ART


Hi Prem,

It is important to note that reflexive access-lists do not reflect locally
generated traffic. So you have to exclusively
permit locally generated traffic back to the router.

Regards
Shamin

On 6/2/07, premkumar somasundaram <premkumar.somasundaram@gmail.com> wrote:
>
> Group,
> I have an issue with the reflexive access-list. Here is the scenario: I
> need to configure a reflexive access-list on R3 to allow ICMP, TCP, UDP and
> OSPF traffic from inside to outside. The configuration is as follows.
>
>
> interface Serial2/3
> ip address 136.1.23.3 255.255.255.0
> ip access-group INBOUND in
> ip access-group OUTBOUND out
> encapsulation ppp
> clock rate 64000
> no dce-terminal-timing-enable
>
>
> ip access-list extended INBOUND
> evaluate MIRROR
> ip access-list extended OUTBOUND
> permit icmp any any reflect MIRROR
> permit tcp any any reflect MIRROR
> permit udp any any reflect MIRROR
> permit ospf any any reflect MIRROR
> !
>
> For testing, I used ping for ICMP, Telnet for TCP, and a routing protocol
> for OSPF.
>
> But none of them worked. I am sure something is missing from the config
> which I couldn't find out. Can anyone help me on this?
>
>
> Thanks
> Prem
>
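
The point made in the reply, as an added configuration example that is not part of the original messages: IOS does not run router-originated packets through the outbound interface ACL, so R3's own ping, Telnet and OSPF never create entries in MIRROR and their return traffic has to be permitted statically in INBOUND. The ACL names and the 136.1.23.0/24 addressing are from the post; the static permit lines and their scoping to R3's Serial2/3 address are assumptions about what the router itself needs to receive.

```cisco
! Added example, not from the original thread.
! OUTBOUND stays as posted; only INBOUND changes.
ip access-list extended INBOUND
 remark OSPF from the neighbor on the link is never a reply to a reflected flow
 permit ospf 136.1.23.0 0.0.0.255 any
 remark Replies to pings sourced from R3 (assumes the Serial2/3 address as source)
 permit icmp any host 136.1.23.3 echo-reply
 remark Return segments for TCP sessions opened from R3, e.g. Telnet (stateless ACK/RST match)
 permit tcp any host 136.1.23.3 established
 remark Return traffic for transit sessions reflected by OUTBOUND
 evaluate MIRROR
!
interface Serial2/3
 ip access-group INBOUND in
 ip access-group OUTBOUND out
```

After generating transit traffic, `show ip access-lists` lists the temporary entries under MIRROR; sessions started on R3 itself will not appear there and match the static lines instead.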



This archive was generated by hypermail 2.1.4 : Sun Jul 01 2007 - 17:24:46 ART