
Reflexive access list

Unanswered Question

I am trying to filter traffic through a WAN link through a business partner, and trying to configure a reflexive access-list to allow only telnet traffic from my network to theirs.


I have created the following..


ip access-list extended pat_out
 permit tcp any any eq telnet reflect pat

ip access-list extended pat_in
 evaluate pat


and then on the interface


ip access-group pat_in in
ip access-group pat_out out


However, this does not seem to work. I have tried this using fixed access-lists and it seems to work.


Any ideas....



gfullage Mon, 03/03/2003 - 15:43
User Badges: Cisco Employee

Hmmm, config looks OK. Can you do a "sho access-list pat_in" after you initiate a telnet session outbound and see what it shows?

vgrigaliunas Tue, 03/04/2003 - 07:59

I think you have the access-groups reversed on the interface, i.e. pat_in should be out and pat_out should be in...


Later...

vgrigaliunas Tue, 03/04/2003 - 09:54

Just realized this was a WAN interface and not a LAN interface, although I guess it depends on which end of the WAN connection your network is on...


Later...
