Reflexive ACL

From: nagendra kumar (nagendranainar@yahoo.co.in)
Date: Mon Mar 17 2008 - 09:04:42 ART

• Next message: Adel Karim: "Re: Reflexive ACL"
• Previous message: Dinesh Patel: "BGP ORF capability - why ipv4 address family?"
• Next in thread: Adel Karim: "Re: Reflexive ACL"
• Maybe reply: Adel Karim: "Re: Reflexive ACL"
• Maybe reply: Sadiq Yakasai: "Re: Reflexive ACL"
• Maybe reply: Ahsan Mohiuddin: "Re: Reflexive ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi All,
  
  (outside)BB1----------------R1(Inside)
  
  When we configure Reflexive ACL it will not affect the local router (will not create a temporary permit ACL, if the traffic is originated from local router, R1 in this case). This would break the IP reachability from this router to outside network. I know we can configure explicit permit for all ICMP packet from outside to inside for all addresses in R1. But it seems to violate the question, as the question will be to allow ICMP only if it is originated from inside.
  
  Can some one please let me know if you have any other alternate solution.
  
  P.S : I remember somewhere reading that changing the outgoing source address will solve the issue. But I tried pinging outside network with loopback address of R1 and still end up with same ICMP error message as "administratively prohibited unreachable"
  
  Regards,
  Nagendra
  
  
       
---------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.

• Next message: Adel Karim: "Re: Reflexive ACL"
• Previous message: Dinesh Patel: "BGP ORF capability - why ipv4 address family?"
• Next in thread: Adel Karim: "Re: Reflexive ACL"
• Maybe reply: Adel Karim: "Re: Reflexive ACL"
• Maybe reply: Sadiq Yakasai: "Re: Reflexive ACL"
• Maybe reply: Ahsan Mohiuddin: "Re: Reflexive ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Apr 01 2008 - 07:53:53 ART