Cisco Support Community

reflexive acl and DHCP

A follow-up question to that posted by a user on May 3rd, 2009.

On my 2621XM that uses DHCP to obtain an IP address from my ISP, I have a reflexive acl that allows all inside-originated traffic out and responses back in.

I do successfully obtain an IP address and all connectivity from inside works well - for about 20 minutes. After 20 minutes or so (the time can vary), I lose communication to the internet.

The router still has the IP address but I can no longer reach the ISP or anywhere else. A simple shut/no shut of the outside interface restores communication. I don't see any errors or messages in the log file. I don't see anything in debug of ip packets to indicate why it would stop functioning. I've increased the ACL aging value to 1 hour (3600 seconds).

It is not an issue with the ISP as when I use my Linksys rather than the 2621 I don't lose connectivity.




Re: reflexive acl and DHCP

Reflexive access list entries expire after no packets in the session have been detected for a certain length of time (the "timeout" period). You can specify the timeout for a particular reflexive access list when you define the reflexive access list. But if you do not specify the timeout for a given reflexive access list, the list will use the global timeout value instead.

The global timeout value is 300 seconds by default. But you can change the global timeout to a different value at any time.
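To make the two timeout settings in the reply concrete, and to show the kind of reflexive ACL setup the original poster describes (inside traffic permitted out and reflected, only matching return traffic admitted in), here is an added Cisco IOS configuration example. It is not the poster's configuration and not from any Cisco document; the interface name, ACL names and the 3600 second values are assumptions (the 3600 s value mirrors what the poster said they set).

```cisco
! Added example (not the poster's config). Interface and ACL names are assumed.
!
! Global reflexive timeout: applies to every reflexive list that does not
! set its own "timeout". IOS default is 300 seconds.
ip reflexive-list timeout 3600
!
! Outbound (inside -> ISP) traffic: permit it and record each session in
! the reflexive list REFLECT. The per-entry "timeout" overrides the global
! value for that list.
ip access-list extended OUTBOUND
 permit tcp any any reflect REFLECT timeout 3600
 permit udp any any reflect REFLECT timeout 3600
 permit icmp any any reflect REFLECT
!
! Inbound (ISP -> inside) traffic
ip access-list extended INBOUND
 ! DHCP replies to the router's own DHCP client. Packets the router itself
 ! generates are not evaluated by an outbound ACL, so its DHCP requests never
 ! create a reflexive entry; the renewal replies must be permitted explicitly
 ! or the inbound ACL drops them. (bootps = UDP 67, bootpc = UDP 68)
 permit udp any eq bootps any eq bootpc
 ! Temporary entries created by REFLECT are evaluated here
 evaluate REFLECT
 ! Everything else is dropped; "log" makes the drops visible for diagnosis
 deny ip any any log
!
interface FastEthernet0/0
 description outside (ISP), address learned via DHCP
 ip address dhcp
 ip access-group OUTBOUND out
 ip access-group INBOUND in
```

Two checks are useful when chasing a timeout problem like the one in the question: `show access-lists REFLECT` lists the temporary entries together with the seconds left before each one expires, and the logged hits on the final `deny ip any any log` line show which inbound packets are being refused once an entry has aged out. The explicit DHCP permit is a general IOS property rather than something the thread states: because router-originated traffic bypasses the outbound ACL, reflexive lists never protect the router's own sessions, so anything the router itself must receive (DHCP lease renewals here) needs its own permit in the inbound list.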