From: Emmett Brown (bremmett@hotmail.com)
Date: Mon Jul 28 2003 - 00:03:27 GMT-3
This is true, especially if you are using routing protocols between A and B
instead of static default routes; you will see that you need not permit,
for example, ospf or bgp in the outbound access-list for A (since these packets
originate from the router itself), but you will need to permit them on the
inbound access-list explicitly.
Emmett
----- Original Message -----
From: "Volkov, Dmitry (IDS Canada)" <dmitry_volkov@ca.ml.com>
To: "'Yu Kay'" <kaykkyu@yahoo.com>; <ccielab@groupstudy.com>
Sent: Monday, July 28, 2003 12:55 AM
Subject: RE: reflexive access-list
> Your access list looks right.
> Try to telnet to B from C:
> C---A---B
> It should work. I don't know why, but the refl list doesn't work for packets
> originated from the router itself.
> Even if you use telnet x.y.z.d. /source-interface "another interface than
> s0" from A to B, it doesn't work.
> Maybe it's IOS dependent.
>
> Dmitry
>
> > -----Original Message-----
> > From: Yu Kay [mailto:kaykkyu@yahoo.com]
> > Sent: Sunday, July 27, 2003 10:54 AM
> > To: ccielab@groupstudy.com
> > Subject: reflexive access-list
> >
> >
> > Hi,
> >
> > I have a question about reflexive access-list.
> > For example,
> >
> > routerA (S0)----- routerB
> >
> > I will try to describe my problem with the simplest example.
> > Each router uses a default route pointing to the other.
> > Before I put the following 'access-list' on routerA,
> > routerA can telnet to routerB.
> >
> > int s0
> > ip access-group outbound out
> > ip access-group inbound in
> >
> > ip access-list extended inbound
> > evaluate test
> > ip access-list extended outbound
> > permit tcp any any reflect test
> >
> >
> > Please give me some hints
> >
> > Kay
> >
> >
> >
> >
> > ______________________________________________________________
> > _________
> > You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
This archive was generated by hypermail 2.1.4 : Wed Aug 06 2003 - 06:52:55 GMT-3
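
The point made in the thread, as an added configuration example for routerA (not posted by any of the participants): traffic the router originates itself does not pass through the outbound list, so no reflexive entry is created for it and its replies must be permitted explicitly on the inbound list. The list names come from the original question; running OSPF or BGP between A and B, and the use of `any` as the address match, are assumptions.

```cisco
! routerA - added example, not from the thread
!
! Outbound list: creates reflexive entries in "test" for transit TCP
! sessions only (for example C -> A -> B). Packets that A originates
! itself never hit this list, so they are never reflected.
ip access-list extended outbound
 permit tcp any any reflect test
!
ip access-list extended inbound
 remark Routing protocols terminate on A itself: permit explicitly
 permit ospf any any
 permit tcp any any eq bgp
 permit tcp any eq bgp any
 remark Replies to telnet sessions opened from A itself
 remark (assumption: narrow "any" to B's address in a real config)
 permit tcp any eq telnet any established
 remark Replies to transit sessions, matched against reflected entries
 evaluate test
!
interface Serial0
 ip access-group outbound out
 ip access-group inbound in
```

The `established` keyword only checks for the ACK or RST bit, so it is a weaker filter than a reflexive entry and is best limited to the specific peer. `show ip access-lists` lists the temporary entries under `test` while a transit session is open, and shows none for sessions started on A.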