Nope buddy...
It is a connected interface.
R1#sh ip route 150.1.1.254
Routing entry for 150.1.1.0/24
Known via "connected", distance 0, metric 0 (connected, via interface)
Redistributing via eigrp 100
Routing Descriptor Blocks:
* directly connected, via Loopback0
Route metric is 0, traffic share count is 1
R1#sh run itnloo
R1#sh run int loo
R1#sh run int loopback 0
Building configuration...
Current configuration : 63 bytes
!
interface Loopback0
ip address 150.1.1.1 255.255.255.0
end
On Tue, Jul 31, 2012 at 6:03 PM, Sadiq Yakasai <sadiqtanko_at_gmail.com> wrote:
> Hi Shekhar,
>
> Can we see the full config please? Is the next hop (150.1.1.254) on R1 or
> another box which is the next hop? I suspect this is the reason (and from
> what I see, it's working as expected).
>
> If my assumption is right, then your local-policy is not making your
> locally generated traffic hit the reflexive ACL (outside_in), mainly
> because this does not pass through the inside_in ACL, to generate an entry
> in the reverse direction.
>
> Anyway, hope that helps a bit.
>
> Sadiq
>
> On Tue, Jul 31, 2012 at 2:56 PM, shekhar sharma <
> shekhar.sharma21_at_gmail.com> wrote:
>
>> Hi guys,
>>
>>
>> Facing some issue with reflexive access-list.
>>
>> The inbound to outbound & vice-versa restrictions are working fine....
>>
>> But not able to rectify router local generated traffic (ping & telnet) for
>> management......after applying local policy..
>>
>> I am missing something basic here ... kindly help..
>>
>> configs :-
>> 1) ip access-list extended inside_in
>> permit ip any any reflect test
>> 2) ip access-list extended outside_in
>> permit eigrp any any
>> evaluate test
>>
>> 3)ip access-list extended icmp_telnet
>> permit tcp any any eq telnet
>> permit icmp any any
>>
>> 4)#sh route-map
>> route-map local, permit, sequence 10
>> Match clauses:
>> ip address (access-lists): icmp_telnet
>> Set clauses:
>> ip next-hop 150.1.1.254
>> Policy routing matches: 119 packets, 7318 bytes
>>
>> 5)ip local policy route-map local
>>
>>
>>
>> R1#ping 150.1.3.3
>> Type escape sequence to abort.
>> Sending 5, 100-byte ICMP Echos to 150.1.3.3, timeout is 2 seconds:
>> .....
>> Success rate is 0 percent (0/5)
>> R1#
>> R1#
>> R1#
>> R1#
>> R1#telnet 150.1.3.3
>> Trying 150.1.3.3 ...
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
>
> --
> CCIEx2 (R&S|Sec) #19963
Received on Tue Jul 31 2012 - 18:08:20 ART
This archive was generated by hypermail 2.2.0 : Wed Aug 01 2012 - 15:55:24 ART
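
The behaviour Sadiq describes in the quoted reply, as an added example that is not part of the original thread: a simplified Python model of the posted `inside_in` and `outside_in` lists, showing that a flow only gets a return entry if its first packet was matched by the `reflect test` line. It assumes `inside_in` is applied inbound on the inside interface and `outside_in` inbound on the outside interface (the thread does not show the `ip access-group` lines); the host address 150.1.2.2 and the class and function names are constructed for illustration.

```python
"""Simplified model of the ACLs posted in the thread (constructed example).
Ignores ICMP types, timeouts and TCP flags; flows are matched on a 5-tuple."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str          # "icmp", "tcp" or "eigrp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0


class Router:
    def __init__(self):
        self.reflexive = set()   # temporary entries of reflexive list "test"

    def inside_in(self, p):
        """permit ip any any reflect test: permit and record the mirrored flow."""
        self.reflexive.add((p.proto, p.dst, p.src, p.dport, p.sport))
        return True

    def outside_in(self, p):
        """permit eigrp any any / evaluate test / implicit deny."""
        if p.proto == "eigrp":
            return True
        return (p.proto, p.src, p.dst, p.sport, p.dport) in self.reflexive

    def send_transit(self, p):
        """Inside host to outside: the packet arrives on the inside interface."""
        return self.inside_in(p)

    def send_local(self, p):
        """Router-generated: never arrives on the inside interface, so
        inside_in is not consulted and nothing is reflected (assumption above)."""
        return True


def reply_to(p):
    return Packet(p.proto, p.dst, p.src, p.dport, p.sport)


def demo():
    r = Router()
    host_ping = Packet("icmp", "150.1.2.2", "150.1.3.3")    # constructed inside host
    router_ping = Packet("icmp", "150.1.1.1", "150.1.3.3")  # sourced from R1 itself
    r.send_transit(host_ping)
    r.send_local(router_ping)
    eigrp_hello = Packet("eigrp", "150.1.3.3", "224.0.0.10")
    return (r.outside_in(reply_to(host_ping)),
            r.outside_in(reply_to(router_ping)),
            r.outside_in(eigrp_hello))


if __name__ == "__main__":
    print(demo())
```

On the router itself, `show ip access-lists` lists the temporary entries under the reflexive list `test`, which is the quickest way to see whether a given ping or telnet session created one.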