From: Jason Guy (jguy) (jguy@cisco.com)
Date: Tue Sep 25 2007 - 16:41:04 ART
No, reflexive ACLs do not "reflect" for local traffic. You would need
to use PBR to hairpin the local traffic to an interface so it looks like
transit traffic to the router. I know I have seen this discussed in the
past...check the archives for a sample config. :)
Jason
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Alex Steer
Sent: Tuesday, September 25, 2007 1:15 PM
To: ccielab@groupstudy.com
Subject: really quick yes or no, reflective access-lists
Hi
Just a quick one, can someone tell me if reflective access-lists affect
traffic from the local router as normal? I thought they did but
ip access-list extended inbound
 permit ospf any any
 permit icmp any any
 evaluate reflect
ip access-list extended outbound
 permit icmp any any
 permit tcp any any reflect reflect
 permit udp any any reflect reflect
interface Serial0
 ip access-group inbound in
 ip access-group outbound out
int fa0
 ip address 1.1.1.1 255.255.255.0
telnet 150.1.2.2 /sour fa0 fail when the inbound and outbound are
configured.
Telnets from the switch to 150.1.2.2 on the same subnet using a static
route pointing to 1.1.1.1 work fine.
Any thoughts please?
Thanks in advance
Alex
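The PBR hairpin described in the reply above, sketched as an added example that is not part of the original thread and not the archived sample config it refers to. It assumes the "inbound" and "outbound" ACLs from the question stay applied on Serial0; the names HAIRPIN and LOCAL-TCP-UDP, the use of Loopback0 and its address are hypothetical.

```cisco
! Added example. HAIRPIN, LOCAL-TCP-UDP, Loopback0 and 192.0.2.1 are
! constructed for illustration and do not come from the thread.
!
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
!
! Select the router-originated traffic that needs a reflexive entry.
! OSPF and ICMP are left out because the posted ACLs permit them
! statically. "any any" also catches every other TCP/UDP session the
! router itself opens, so tighten this list if only some flows need it.
ip access-list extended LOCAL-TCP-UDP
 permit tcp any any
 permit udp any any
!
! Send matching packets out Loopback0. They come straight back in on
! the loopback, are routed again as received (transit) packets, and
! are then checked by "ip access-group outbound out" on Serial0,
! where the "reflect reflect" entries create the temporary return
! permit that "evaluate reflect" uses in the inbound ACL.
route-map HAIRPIN permit 10
 match ip address LOCAL-TCP-UDP
 set interface Loopback0
!
! Local policy routing applies only to packets the router originates;
! genuine transit traffic is not affected by this statement.
ip local policy route-map HAIRPIN
!
! Checks to run after repeating the telnet test from the question:
!  show ip local policy            (HAIRPIN is the local policy)
!  show route-map HAIRPIN          (policy-routing match counters rise)
!  show ip access-lists reflect    (a temporary entry for the session)
```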