From: Ahmed Hassan (ahmed_hassan@rayatelecom.net)
Date: Wed Jul 21 2004 - 11:28:34 GMT-3
Hi
Reflexive ACL doesn't work on locally generated traffic.
Best regards
Ahmed Hassan
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
jongsoo.kim@intelsat.com
Sent: Wednesday, July 21, 2004 1:07 AM
To: ccielab@groupstudy.com
Subject: reflexive ACL question
I set up a simple lab
R1 e0 .1 -----10.0.0.0/8 ----- .2 R2
R1 IOS is : IOS (tm) 2500 Software (C2500-JS-L), Version 12.2(16),
RELEASE SOFTWARE (fc3)
I configured a simple reflexive ACL using telnet, but it doesn't seem to be
working.
What am I missing?
r1#telnet 10.0.0.2
Trying 10.0.0.2 ...
% Connection timed out; remote host not responding
Here is R1 summary config
ip reflexive-list timeout 240
interface Ethernet0
 ip address 10.0.0.1 255.0.0.0
 ip access-group in1 in
 ip access-group out1 out
ip access-list extended in1
 evaluate mytest
ip access-list extended out1
 permit tcp any any reflect mytest timeout 120
If I remove the ACL on R1 e0, I can Telnet to R2:
interface Ethernet0
 ip address 10.0.0.1 255.0.0.0
!
r1#telnet 10.0.0.2
Trying 10.0.0.2 ... Open
User Access Verification
Password:
This archive was generated by hypermail 2.1.4 : Sun Aug 01 2004 - 10:12:00 GMT-3
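Added example, not part of the original thread: a toy Python model of the R1 Ethernet0 packet path, showing why the posted ACLs drop the reply to a Telnet session started on R1 itself. The class and function names, the port 11000 and the transit host 192.168.1.10 are constructed for illustration; the model assumes the outbound ACL is not evaluated for router-originated packets, which is the behaviour the reply describes, and it ignores entry timeouts.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


class Ethernet0:
    """Models 'ip access-group in1 in' and 'ip access-group out1 out'."""

    def __init__(self):
        self.mytest = set()  # temporary entries created by 'reflect mytest'

    def send(self, pkt, locally_generated):
        # Assumption (from the reply): router-originated packets bypass the
        # outbound ACL, so 'reflect mytest' never sees them.
        if locally_generated:
            return "sent (out1 not evaluated, no reflexive entry)"
        if pkt.proto == "tcp":  # permit tcp any any reflect mytest
            # The reflexive entry mirrors the flow: addresses and ports swapped.
            self.mytest.add((pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto))
            return "sent (out1 permit, reflected into mytest)"
        return "dropped (out1 implicit deny)"

    def receive(self, pkt):
        # in1 holds only 'evaluate mytest', followed by the implicit deny.
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        if key in self.mytest:
            return "permitted (mytest)"
        return "dropped (in1 implicit deny)"


def telnet_attempt(client_ip, locally_generated):
    """Send a SYN to 10.0.0.2:23 out of e0, then receive the SYN-ACK on e0."""
    e0 = Ethernet0()
    syn = Packet(client_ip, 11000, "10.0.0.2", 23)
    syn_ack = Packet("10.0.0.2", 23, client_ip, 11000)
    return e0.send(syn, locally_generated), e0.receive(syn_ack)


if __name__ == "__main__":
    print("from R1 itself:", telnet_attempt("10.0.0.1", True))
    print("transit host  :", telnet_attempt("192.168.1.10", False))
```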