Re: Reflexive ACL

From: Shawn Zandi (szmetal@gmail.com)
Date: Mon May 26 2008 - 14:16:32 ART

• Next message: Peter Svidler: "BGP ext community"
• Previous message: Shawn Zandi: "Re: Reflexive ACL"
• Maybe in reply to: Suryakant P: "Reflexive ACL"
• Next in thread: Mike Haddad: "RE: Reflexive ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

When you use loopback (in your policy) to ping yourself it doesn't hit
outbound of ethernet to get evaluated, so return traffic is not permitted.

Shawn Zandi,
www.shafagh.com

On Mon, May 26, 2008 at 9:03 PM, Shawn Zandi <szmetal@gmail.com> wrote:

> Your icmp packet is not hitting evaluate keyword on outbound and getting
> drop, cause its router's generated traffic. its not gonna get evaluated.
>
> verification:
>
> ip access-list extended inbound
> 65 permit icmp any any log
>
>
>
> On Mon, May 26, 2008 at 7:47 PM, Suryakant P <suryakant.pandian@gmail.com>
> wrote:
>
>> yes shawn.I am able to ping without the ACL

• Next message: Peter Svidler: "BGP ext community"
• Previous message: Shawn Zandi: "Re: Reflexive ACL"
• Maybe in reply to: Suryakant P: "Reflexive ACL"
• Next in thread: Mike Haddad: "RE: Reflexive ACL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Jun 02 2008 - 06:59:18 ART