Reflexive Access Lists

Unanswered Question
Oct 24th, 2008

Hi Gurus,


My Reflexive Access List is not working, do you have any idea on it? Did I do the wrong config?


* I just want my telnet session reflected in the ACL.


ip access-list extended OUTR2
 permit tcp any any eq telnet reflect test
 deny ip any any

ip access-list extended INR2
 evaluate test
 deny ip any any

interface Ethernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip access-group INR2 in
 ip access-group OUTR2 out

Giuseppe Larosa Fri, 10/24/2008 - 05:02

Hello William,

The first thing to do is to decide whether your scenario requires configuration on an internal interface (internal LAN) or on an external interface.


In the case of an internal interface, which could fit your case:


Internal Interface Configuration Task List


To configure reflexive access lists for an internal interface, perform the following tasks:


1. Defining the reflexive access list(s) in an inbound IP extended named access list


2. Nesting the reflexive access list(s) in an outbound IP extended named access list


3. Setting a global timeout value


see

http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_cfg_ip_filter_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1001063


So probably you should try the opposite of what you have done.


Hope to help

Giuseppe
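For reference, here is the configuration with the reflect/evaluate placement swapped as the reply suggests, written out as an added example rather than taken from the original post. It reuses William's ACL names, interface and address and assumes Ethernet0/0 is the internal (LAN-facing) interface; the 120-second timeout value is an assumed example.

```cisco
! Added example, not from the original post. Assumes Ethernet0/0 faces the
! internal LAN, as in the internal-interface task list from the reply.
!
! Inbound on the LAN interface: a telnet session opened by a LAN host matches
! the "reflect" entry and creates a temporary entry in reflexive list "test".
! As in the original, all other traffic from the LAN is still denied here.
ip access-list extended INR2
 permit tcp any any eq telnet reflect test
 deny ip any any
!
! Outbound toward the LAN: only return traffic matching a temporary entry in
! "test" is permitted. The "evaluate" line must come before the final deny,
! otherwise the deny is matched first and the reflexive list is never checked.
ip access-list extended OUTR2
 evaluate test
 deny ip any any
!
! Global idle timeout in seconds for the temporary entries (the IOS default is
! 300). 120 is an example value, not something from the original post.
ip reflexive-list timeout 120
!
interface Ethernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip access-group INR2 in
 ip access-group OUTR2 out
!
! Check: after a telnet from the LAN, "show access-lists" should list the
! session under "Reflexive IP access list test" with its remaining time.
```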

