Re: Reflexive Access List

From: Chris McGuire (cmcguire@firstdigital.com)
Date: Wed Apr 30 2008 - 18:04:35 ART


One thing to keep in mind. Router-generated traffic is not checked against
outbound filters. You could apply an ACL that denies all traffic outbound on
an interface and still be able to ping from that router to a neighbor
router. So you will not have a reflection back for your router-generated
traffic if you are using Reflexive lists. This may have something to do with
it but I cannot tell for sure because I don't know the topology or where you
have applied these ACLs specifically. You may want to upload the configs of
the ACLs and the interfaces you have applied them to.

Thanks,
Chris

On 4/30/08 2:37 PM, "olumayokun fowowe" <olumayokun@gmail.com> wrote:

> Hello all,
>
> I was listening to the Internetwork Expert CoD on Security. My problem has
> to do with the Reflexive access list part, where we have MYFWEVAL and
> MYFWREFLECT. In the CoD, MYFWEVAL was applied IN on the serial interface and
> MYFWREFLECT as OUT on the same interface. When I tried replicating this with
> dynamips, I couldn't ping R5 nor R4 until I inverted the access list. I
> applied MYFWREFLECT as IN and MYFWEVAL as OUT, then the Reflexive access
> list worked. Please can anybody tell me the correct implementation.
> Thanks.
>
>
> Pass the CCIE in six weeks, Guaranteed!
> http://www.certscience.com/CCIE
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Chris S. McGuire
Network Engineer
Phone: 801-456-1028
Fax: 801-456-1010
Email: cmcguire@firstdigital.com
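As an added illustration of the point Chris makes (this is not configuration from the thread, the CoD, or either poster), the following is a standard Cisco IOS reflexive access list arrangement on an outside-facing serial interface: the list containing the `reflect` entries is applied OUT, the list containing `evaluate` is applied IN. The names MYFWEVAL and MYFWREFLECT come from the question; the reflection name MYREFLECT, the interface Serial0/0, the inside network 192.0.2.0/24 and the timeout value are assumptions chosen for the example.

```cisco
! Outbound list: every permitted session leaving the outside interface
! creates a temporary mirror entry in the reflexive list MYREFLECT.
ip access-list extended MYFWREFLECT
 permit tcp any any reflect MYREFLECT timeout 300
 permit udp any any reflect MYREFLECT timeout 60
 permit icmp any any reflect MYREFLECT timeout 60
!
! Inbound list: only traffic matching an existing mirror entry is
! allowed back in; everything else is dropped and logged.
ip access-list extended MYFWEVAL
 evaluate MYREFLECT
 deny ip any any log
!
! Outside-facing interface (assumed name): reflect on the way out,
! evaluate on the way in.
interface Serial0/0
 description Link to R4/R5 (assumed)
 ip access-group MYFWREFLECT out
 ip access-group MYFWEVAL in
!
! Inside interface (assumed): hosts on 192.0.2.0/24 sit behind the router.
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
```

With this in place, a ping sourced from a host on 192.0.2.0/24 transits the router, is matched by MYFWREFLECT on the way out of Serial0/0, and the reply is admitted by the `evaluate` line. A ping sourced from the router itself is never checked against the outbound list, so no mirror entry is created and the echo reply is dropped by MYFWEVAL; that is the behaviour Chris describes and is expected, not a misconfiguration. To confirm which case you are in, run `show ip access-lists` after the test: a `Reflexive IP access list MYREFLECT` section with entries for the session appears only when the traffic actually traversed the outbound list. Swapping the two lists so that the `reflect` list sits inbound makes the router's own pings succeed only because `permit ... reflect` entries still permit whatever matches them, so the inbound direction is then open to any TCP, UDP or ICMP traffic rather than being stateful, which is why the inverted arrangement is not the correct implementation.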

This archive was generated by hypermail 2.1.4 : Thu May 01 2008 - 08:25:52 ART