Issue with reflexive access-list

From: shekhar sharma <shekhar.sharma21_at_gmail.com>
Date: Tue, 31 Jul 2012 17:56:56 +0400

Hi guys,

Facing some issue with reflexive access-list.

The inbound to outbound & vice-versa restrictions are working fine....

But not able to rectify router locally generated traffic (ping & telnet) for
management......after applying local policy..

I am missing something basic here ... kindly help..

configs :-
1) ip access-list extended inside_in
 permit ip any any reflect test
2) ip access-list extended outside_in
 permit eigrp any any
 evaluate test

3) ip access-list extended icmp_telnet
 permit tcp any any eq telnet
 permit icmp any any

4) #sh route-map
route-map local, permit, sequence 10
  Match clauses:
    ip address (access-lists): icmp_telnet
  Set clauses:
    ip next-hop 150.1.1.254
  Policy routing matches: 119 packets, 7318 bytes

5) ip local policy route-map local

R1#ping 150.1.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.1.3.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R1#
R1#
R1#
R1#
R1#telnet 150.1.3.3
Trying 150.1.3.3 ...

Received on Tue Jul 31 2012 - 17:56:56 ART
