RE: Reflexive ACL

From: Mike Haddad (mike.haddad@hotmail.com)
Date: Mon May 26 2008 - 20:18:20 ART


Hello,

  You need to allow icmp echo and not echo-reply to your router interface.
Incoming icmp will be echo but your router will send the echo reply.

Please try and let me know,

Regards,
> Date: Mon, 26 May 2008 21:17:14 +0530
> From: suryakant.pandian@gmail.com
> To: szmetal@gmail.com
> Subject: Re: Reflexive ACL
> CC: ccielab@groupstudy.com
>
> yes Shawn. I am able to ping without the ACL
>
> On 5/26/08, Shawn Zandi <szmetal@gmail.com> wrote:
> >
> > You're pinging from R4? wrong router! you've been able to ping before ACL?
> >
> > On Mon, May 26, 2008 at 5:38 PM, Suryakant P <suryakant.pandian@gmail.com> wrote:
> >
> >> Hi All,
> >>
> >> I have two routers connected to a common Ethernet segment.
> >>
> >> r1(204.12.1.4)f0/0----f0/1r2(204.12.1.254)
> >>
> >> I have configured reflexive acl on the r1 router.
> >>
> >> interface FastEthernet0/0
> >> ip address 204.12.1.4 255.255.255.0
> >> ip access-group inbound in
> >> ip access-group outbound out
> >> duplex auto
> >> speed auto
> >>
> >> ip access-list extended inbound
> >> permit udp any any eq rip
> >> permit tcp any any eq bgp
> >> permit tcp any eq bgp any
> >> permit icmp any any echo-reply
> >> permit tcp any eq telnet any
> >> evaluate RETURN
> >> ip access-list extended outbound
> >> permit icmp any any reflect RETURN
> >> permit udp any any reflect RETURN
> >> permit tcp any any reflect RETURN
> >>
> >> With this configuration, I was not able to ping r1's own interface.
> >>
> >> Rack1R4#ping 204.12.1.4
> >>
> >> Type escape sequence to abort.
> >> Sending 5, 100-byte ICMP Echos to 204.12.1.4, timeout is 2 seconds:
> >> .....
> >> Success rate is 0 percent (0/5)
> >> Rack1R4#
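
The ACL walk Mike is describing, as an added example that is not part of this thread (Python rather than IOS, since the point is how the inbound list and `evaluate RETURN` are consulted, not the syntax); the addresses are from the post, while the transit host 10.0.0.1 and the trimmed-down ACLs are constructed for illustration:

```python
# Added example, not from the thread: a small model of how the posted inbound ACL
# is walked, including the "evaluate RETURN" step, so the unfixed and fixed cases
# can be checked side by side. Only the ICMP lines of the posted ACL are modeled.

R1 = "204.12.1.4"      # r1 f0/0, from the post
PEER = "204.12.1.254"  # r2 f0/1, from the post

def matches(entry, pkt):
    """ACL entry: (proto, src, dst, icmp_type); 'any' and None match everything."""
    proto, src, dst, kind = entry
    return (proto == pkt["proto"]
            and src in ("any", pkt["src"])
            and dst in ("any", pkt["dst"])
            and kind in (None, pkt.get("type")))

# Inbound ACL as posted (ICMP lines only): only echo-reply is permitted statically.
INBOUND_ORIGINAL = [("icmp", "any", "any", "echo-reply"), "evaluate RETURN"]

# Mike's fix: permit the incoming echo as well. Scoping it to R1's own address
# instead of "any any" is this example's choice (least privilege), not the thread's.
INBOUND_FIXED = [("icmp", "any", R1, "echo")] + INBOUND_ORIGINAL

def reflect(pkt, reflexive):
    """Outbound 'permit ... reflect RETURN': record the mirrored flow."""
    reflexive.append((pkt["proto"], pkt["dst"], pkt["src"], None))

def inbound_permits(acl, pkt, reflexive):
    """Walk the inbound ACL top to bottom; implicit deny at the end."""
    for entry in acl:
        if entry == "evaluate RETURN":
            if any(matches(e, pkt) for e in reflexive):
                return True
        elif matches(entry, pkt):
            return True
    return False

def ping_r1(acl):
    """An echo arriving at R1's f0/0 from another router on the segment."""
    echo = {"proto": "icmp", "src": PEER, "dst": R1, "type": "echo"}
    return inbound_permits(acl, echo, [])

def transit_return(acl):
    """Reflexive path: a flow that left via f0/0 lets its reply back in and
    nothing else. Returns (reply_permitted, unrelated_permitted)."""
    reflexive = []
    reflect({"proto": "tcp", "src": "10.0.0.1", "dst": PEER}, reflexive)
    reply = {"proto": "tcp", "src": PEER, "dst": "10.0.0.1"}
    other = {"proto": "tcp", "src": PEER, "dst": "10.0.0.2"}
    return (inbound_permits(acl, reply, reflexive),
            inbound_permits(acl, other, reflexive))

if __name__ == "__main__":
    print("original:", ping_r1(INBOUND_ORIGINAL), "fixed:", ping_r1(INBOUND_FIXED))
```

The unsolicited echo never matches a reflexive entry, because nothing left R1 first to create one, so only a static `permit ... echo` line admits it.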



This archive was generated by hypermail 2.1.4 : Mon Jun 02 2008 - 06:59:18 ART