Reflexive Access Lists

Unanswered Question
Oct 24th, 2008

Hi Gurus,

My reflexive access list is not working. Do you have any idea why? Did I do the wrong config?

* I just want my telnet session reflected in the ACL.

ip access-list extended OUTR2
 permit tcp any any eq telnet reflect test
 deny ip any any
ip access-list extended INR2
 evaluate test
 deny ip any any
interface Ethernet0/0
 ip address
 ip access-group INR2 in
 ip access-group OUTR2 out

Giuseppe Larosa Fri, 10/24/2008 - 05:02

Hello William,

The first thing to do is to decide whether your scenario requires configuration on an internal interface (internal LAN) or an external interface.

In the case of an internal interface, which could fit your case:

Internal Interface Configuration Task List

To configure reflexive access lists for an internal interface, perform the following tasks:

1. Defining the reflexive access list(s) in an inbound IP extended named access list

2. Nesting the reflexive access list(s) in an outbound IP extended named access list

3. Setting a global timeout value


So probably you should try the opposite of what you have done.

Hope to help
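The placement rule from the task list above, as an added Python model (not part of the original thread and not Cisco code): it shows why the direction of the `reflect` and `evaluate` lists decides whether a telnet session initiated by the client gets its return traffic permitted. The addresses, ports and rule tokens are constructed for illustration, and the model is simplified to TCP with no entry timeout.

```python
# Simplified model of a reflexive ACL pair on one interface (illustration only).
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport")

class Interface:
    def __init__(self, acl_in, acl_out):
        self.acl = {"in": acl_in, "out": acl_out}
        self.reflexive = set()  # temporary entries of reflexive list "test"

    def check(self, direction, pkt):
        """Return True if pkt is permitted crossing the interface in `direction`."""
        for rule in self.acl[direction]:
            if rule == "reflect-telnet" and pkt.dport == 23:
                # permit tcp any any eq telnet reflect test:
                # permit, and record the mirrored flow for the return traffic
                self.reflexive.add(Pkt(pkt.dst, pkt.dport, pkt.src, pkt.sport))
                return True
            if rule == "evaluate" and pkt in self.reflexive:
                return True  # evaluate test: matches a temporary entry
            if rule == "deny-all":
                return False
        return False  # implicit deny at the end of every ACL

REFLECT = ["reflect-telnet", "deny-all"]   # body of the list holding "reflect test"
EVALUATE = ["evaluate", "deny-all"]        # body of the list holding "evaluate test"

def as_posted():
    # INR2 (evaluate) applied in, OUTR2 (reflect) applied out
    return Interface(acl_in=EVALUATE, acl_out=REFLECT)

def swapped():
    # reflect in the inbound list, evaluate in the outbound list
    return Interface(acl_in=REFLECT, acl_out=EVALUATE)

def telnet_session_works(iface, client_direction):
    """client_direction: how the client's packets cross the interface."""
    reply_direction = "out" if client_direction == "in" else "in"
    syn = Pkt("10.0.0.5", 40000, "192.0.2.10", 23)      # constructed client -> server
    reply = Pkt("192.0.2.10", 23, "10.0.0.5", 40000)    # constructed server -> client
    return iface.check(client_direction, syn) and iface.check(reply_direction, reply)

if __name__ == "__main__":
    print("internal interface, as posted:", telnet_session_works(as_posted(), "in"))
    print("internal interface, swapped:  ", telnet_session_works(swapped(), "in"))
    print("external interface, as posted:", telnet_session_works(as_posted(), "out"))
```
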


