reflexive acl and DHCP

Unanswered Question
Jun 18th, 2009

A follow-up question to the one posted by a user on May 3rd, 2009.

On my 2621XM that uses DHCP to obtain an IP address from my ISP, I have a reflexive acl that allows all inside-originated traffic out and responses back in.

I do successfully obtain an IP address and all connectivity from inside works well - for about 20 minutes. After 20 minutes or so (the time can vary), I lose communication to the internet.

The router still has the IP address but I can no longer reach the ISP or anywhere else. A simple shut/no shut of the outside interface restores communication. I don't see any errors or messages in the log file. I don't see anything in debug of ip packets to indicate why it would stop functioning. I've increased the ACL aging value to 1 hour (3600 seconds).

It is not an issue with the ISP as when I use my Linksys rather than the 2621 I don't lose connectivity.

Anonymous (not verified) Wed, 06/24/2009 - 13:49

Reflexive access list entries expire after no packets in the session have been detected for a certain length of time (the "timeout" period). You can specify the timeout for a particular reflexive access list when you define the reflexive access list. But if you do not specify the timeout for a given reflexive access list, the list will use the global timeout value instead.

The global timeout value is 300 seconds by default. But, you can change the global timeout to a different value at any time.
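As an added illustration (editor's example, not configuration posted by either participant), the fragment below shows where the global and per-list reflexive timeouts sit, and adds an explicit inbound permit for the DHCP exchange: packets the router generates itself as a DHCP client do not pass through the interface's outbound ACL, so no reflexive entry is ever created for the ISP server's replies. The list names, the interface FastEthernet0/0 and the 3600-second values are assumptions for the example.

```cisco
! Global fallback timeout for reflexive entries (default is 300 seconds).
ip reflexive-list timeout 3600
!
! Outbound: inside-originated sessions are reflected into temporary lists.
! A per-entry "timeout" overrides the global value for that list only.
ip access-list extended OUTBOUND
 permit tcp any any reflect TCPTRAFFIC timeout 3600
 permit udp any any reflect UDPTRAFFIC
 permit icmp any any reflect ICMPTRAFFIC
!
! Inbound: the router's own DHCP client traffic (renewals included) is not
! evaluated by the outbound ACL, so the server's offer/ack has no reflexive
! entry to match. Permit it explicitly, then evaluate the reflected lists.
ip access-list extended INBOUND
 permit udp any eq bootps any eq bootpc
 evaluate TCPTRAFFIC
 evaluate UDPTRAFFIC
 evaluate ICMPTRAFFIC
 deny ip any any log
!
interface FastEthernet0/0
 description Outside (ISP, address learned via DHCP)
 ip address dhcp
 ip access-group OUTBOUND out
 ip access-group INBOUND in
!
! Checks to run while connectivity is lost:
!   show access-lists      reflexive entries and their remaining lifetimes,
!                          plus hit counts on the bootps permit and final deny
!   show dhcp lease        lease expiry and renewal timers of the DHCP client
```

If the final deny's hit count climbs while the bootps permit stays at zero during the outage, the dropped traffic is something other than the DHCP exchange and the `show access-lists` output will show which reflexive entries have already aged out.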
