From: Ilya Mazhara (willy@xxxxxxxxxxxxxxxx)
Date: Wed Jun 13 2001 - 10:31:07 GMT-3
   
How about doing it from a PC on the "inside" network, not the router itself?
I think it would help you.
Nodir Nazarov wrote:
>
> Hello,
>
> I am configuring a simple reflexive access list example; it looks like I am
> missing something.
>
> R6--R5
>
> Serial 0.1 is the interface connected to R5
>
> !
> interface Serial0.1 point-to-point
>  ip address 172.16.56.6 255.255.255.0
>  ip access-group inbound in
>  ip access-group outbound out
>  no ip directed-broadcast
>  frame-relay interface-dlci 605
> end
>
> ip access-list extended inbound
>  permit igrp any any
>  permit icmp any any
>  evaluate ref
>  deny   ip any any log
>
> ip access-list extended outbound
>  permit igrp any any
>  permit icmp any any
>  permit tcp any any reflect ref timeout 120
>  deny   ip any any log
>
> I expect R6 to mark outgoing tcp traffic with "ref" and evaluate it on the
> way back. Also R6 to be able to telnet to R5, however this is what I got:
>
> R6#telnet 172.16.56.5
> Trying 172.16.56.5 ...
> 11:52:29: %SEC-6-IPACCESSLOGP: list inbound denied tcp 172.16.56.5(23) ->
> 172.16.56.6(11002), 1 packet
> % Connection timed out; remote host not responding
>
> Reflexive ACL is not created and incoming traffic is not evaluated. Did I
> get it wrong ??
Wrong source of telnetting.
>
> Thank you,
> Nodir
> **Please read:http://www.groupstudy.com/list/posting.html
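Why the telnet from R6 itself is denied while the same test from an inside PC would pass, as an added Python model that is not part of the original posts and is not IOS code. It assumes that packets generated by the router itself are not processed by its outbound interface ACL, so `reflect` never creates an entry for them; the inside host address 10.1.1.10 and the helper names are constructed.

```python
# Toy model of the ACL pair on Serial0.1 from the thread (not IOS code).
TIMEOUT = 120  # seconds, from "reflect ref timeout 120"

class Serial01:
    def __init__(self):
        self.ref = {}  # reflexive list "ref": return-flow tuple -> expiry time

    def outbound(self, proto, src, sport, dst, dport, now, from_router=False):
        """Packet leaving the interface; returns 'permit' or 'deny'."""
        if from_router:
            # Assumption stated in the lead-in: router-generated packets skip
            # the outbound ACL, so no reflexive entry is created for them.
            return "permit"
        if proto in ("igrp", "icmp"):
            return "permit"
        if proto == "tcp":
            # reflect: record the mirrored tuple the reply will carry
            self.ref[(dst, dport, src, sport)] = now + TIMEOUT
            return "permit"
        return "deny"  # deny ip any any log

    def inbound(self, proto, src, sport, dst, dport, now):
        """Packet arriving on the interface; returns 'permit' or 'deny'."""
        if proto in ("igrp", "icmp"):
            return "permit"
        key = (src, sport, dst, dport)
        if proto == "tcp" and self.ref.get(key, -1) >= now:  # evaluate ref
            self.ref[key] = now + TIMEOUT  # idle timer restarts on traffic
            return "permit"
        self.ref.pop(key, None)  # expired entry is removed
        return "deny"  # deny ip any any log

def telnet_reply(src, sport, from_router, reply_delay=1):
    """Send a SYN to R5:23 at t=0 and return the verdict on R5's reply."""
    s = Serial01()
    s.outbound("tcp", src, sport, "172.16.56.5", 23, 0, from_router)
    return s.inbound("tcp", "172.16.56.5", 23, src, sport, reply_delay)

if __name__ == "__main__":
    print("from R6 itself:", telnet_reply("172.16.56.6", 11002, True))
    print("from inside PC:", telnet_reply("10.1.1.10", 11002, False))
    print("reply after 121s idle:", telnet_reply("10.1.1.10", 11002, False, 121))
```

The first case reproduces the `%SEC-6-IPACCESSLOGP` deny in the post: the reply from 172.16.56.5(23) finds no entry in `ref` and falls through to `deny ip any any log`.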