03-03-2003 05:12 AM - edited 02-20-2020 09:20 PM
I am trying to filter traffic through a WAN link through a business partner, and trying to configure a reflexive access-list to allow only telnet traffic from my network to theirs.
I have created the following..
ip access-list extended pat_out
 permit tcp any any eq telnet reflect pat
ip access-list extended pat_in
 evaluate pat
and then on the interface
ip access-group pat_in in
ip access-group pat_out out
However, this does not seem to work. I have tried this using fixed access-lists and it seems to work.
Any ideas....
03-03-2003 03:43 PM
Hmmm, config looks OK. Can you do a "sho access-list pat_in" after you initiate a telnet session outbound and see what it shows?
03-04-2003 07:59 AM
I think you have the access-groups reversed on the interface...i.e. pat_in should be out and pat_out should be in...
Later...
03-04-2003 09:54 AM
Just realized this was a WAN interface and not a LAN interface, although I guess it depends on which end of the WAN connection your network is on...
Later...
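The reflexive list discussed in this thread, as an added Python model that is not part of any poster's reply or of IOS itself: it shows why the direction in which the telnet session first crosses the interface decides whether `evaluate pat` ever matches. Addresses and ports are constructed; entry timeouts and TCP teardown are not modelled.

```python
# Minimal model of the thread's reflexive ACL (pat_out, pat_in, pat).
# Assumption: one interface, pat_out applied "out", pat_in applied "in".
from dataclasses import dataclass

TELNET = 23

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class Interface:
    def __init__(self):
        self.pat = set()  # temporary entries created by "reflect pat"

    def outbound(self, p):
        # pat_out: permit tcp any any eq telnet reflect pat
        if p.proto == "tcp" and p.dport == TELNET:
            # Mirror the flow: swap addresses and ports for the return path.
            self.pat.add(Packet(p.proto, p.dst, p.dport, p.src, p.sport))
            return True
        return False  # implicit deny at the end of pat_out

    def inbound(self, p):
        # pat_in: evaluate pat, then implicit deny
        return p in self.pat

def demo():
    wan = Interface()
    inside, partner = "10.1.1.5", "192.0.2.10"  # constructed sample hosts
    reply = Packet("tcp", partner, TELNET, inside, 40000)
    return {
        "reply_before_session": wan.inbound(reply),
        "telnet_out": wan.outbound(Packet("tcp", inside, 40000, partner, TELNET)),
        "reply_after_session": wan.inbound(reply),
        "other_port_in": wan.inbound(Packet("tcp", partner, TELNET, inside, 40001)),
        "http_out": wan.outbound(Packet("tcp", inside, 40002, partner, 80)),
        # A session that first crosses the interface inbound finds no entry.
        "telnet_initiated_inbound": wan.inbound(
            Packet("tcp", partner, 41000, inside, TELNET)),
        "entries": len(wan.pat),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```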