
Reflexive access list

somanabich
Level 1

I am trying to filter traffic through a WAN link through a business partner, and trying to configure a reflexive access-list to allow only telnet traffic from my network to theirs.

I have created the following..

ip access-list extended pat_out

permit tcp any any eq telnet reflect pat

ip access-list extended pat_in

evaluate pat

and then on the interface

ip access-group pat_in in

ip access-group pat_out out

However, this does not seem to work. I have tried this using fixed access-lists and it seems to work.

Any ideas....

3 Replies

gfullage
Cisco Employee

Hmmm, config looks OK. Can you do a "sho access-list pat_in" after you initiate a telnet session outbound and see what it shows?

vgrigaliunas
Level 1

I think you have the access-groups reversed on the interface... i.e. pat_in should be out and pat_out should be in...

Later...

Just realized this was a WAN interface and not a LAN interface, although I guess it depends on which end of the WAN connection your network is on...

Later...
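
Added example, not part of the thread and not Cisco code: a toy Python model of how `reflect` and `evaluate` interact in the posted lists, run once with the partner beyond the interface and once with the client network beyond it, which is the direction question raised in the replies. The addresses, ports and the `session` helper are constructed for illustration; only TCP is modelled and entry timeouts are ignored.

```python
# Toy model of the pat_out / pat_in lists from the thread (added illustration).
# Addresses and ports are constructed sample values.
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")
TELNET = 23

class Interface:
    """One interface with pat_out applied 'out' and pat_in applied 'in'."""

    def __init__(self):
        self.pat = set()  # temporary entries of the reflexive list "pat"

    def outbound(self, p):
        # pat_out: permit tcp any any eq telnet reflect pat, then implicit deny
        if p.dport == TELNET:
            # the reflected entry swaps source and destination
            self.pat.add(Packet(p.dst, p.dport, p.src, p.sport))
            return True
        return False

    def inbound(self, p):
        # pat_in: evaluate pat, then implicit deny
        return p in self.pat

def session(partner_beyond_interface):
    """Return (client_syn_ok, partner_reply_ok, partner_initiated_ok)."""
    ifc = Interface()
    syn = Packet("192.0.2.10", 40000, "198.51.100.20", TELNET)
    reply = Packet("198.51.100.20", TELNET, "192.0.2.10", 40000)
    unsolicited = Packet("198.51.100.20", 40001, "192.0.2.10", TELNET)
    if partner_beyond_interface:
        # client traffic leaves through the interface, replies come back in
        syn_ok = ifc.outbound(syn)
        reply_ok = syn_ok and ifc.inbound(reply)
        unsolicited_ok = ifc.inbound(unsolicited)
    else:
        # client traffic enters through the interface, so it meets pat_in first
        syn_ok = ifc.inbound(syn)
        reply_ok = syn_ok and ifc.outbound(reply)
        unsolicited_ok = ifc.outbound(unsolicited)
    return syn_ok, reply_ok, unsolicited_ok

if __name__ == "__main__":
    print("partner beyond interface:", session(True))
    print("client beyond interface: ", session(False))
```

In the second orientation the client's SYN is dropped by the empty reflexive list, while a telnet session started from the partner side is permitted, so the policy is inverted rather than merely broken.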