Cisco Support Community
Community Member

refLexive access list

I am trying to filter traffic through a WAN link through a business partner, and trying to configure a reflexive access-list to allow only telnet traffic from my network to theirs.

I have created the following..

ip access-list extended pat_out
 permit tcp any any eq telnet reflect pat
ip access-list extended pat_in
 evaluate pat

and then on the interface

 ip access-group pat_in in
 ip access-group pat_out out

However, this does not seem to work. I have tried this using fixed access-lists and it seems to work.

Any ideas....

3 REPLIES
Cisco Employee

Re: refLexive access list

Hmmm, config looks OK. Can you do a "sho access-list pat_in" after you initiate a telnet session outbound and see what it shows?

Community Member

Re: refLexive access list

I think you have the access-groups reversed on the interface...i.e. pat_in should be out and pat_out should be in...

Later...

Community Member

Re: refLexive access list

Just realized this was a WAN interface and not a LAN interface, although I guess it depends on which end of the WAN connection your network is on...

Later...
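A simplified model of how the configuration in this thread is evaluated, as an added example that is not part of the original posts: it shows why the direction of the two access-groups depends on which side of the interface the telnet client sits. The addresses, class and function names are constructed for illustration, and reflexive entry timeouts are not modelled.

```python
# Toy model of an IOS reflexive ACL on one interface (added example, not IOS code).
TELNET = 23


class Interface:
    """Interface with pat_out applied outbound and pat_in applied inbound."""

    def __init__(self):
        self.pat = set()  # temporary entries created by "reflect pat"

    def outbound(self, src, sport, dst, dport):
        """pat_out: permit tcp any any eq telnet reflect pat, then implicit deny."""
        if dport == TELNET:
            # Mirror the session: swap source and destination for return traffic.
            self.pat.add((dst, dport, src, sport))
            return "permit"
        return "deny"

    def inbound(self, src, sport, dst, dport):
        """pat_in: evaluate pat, then implicit deny."""
        if (src, sport, dst, dport) in self.pat:
            return "permit"
        return "deny"


def telnet_session(client_behind_router):
    """Return (verdict on client SYN, verdict on server reply) at the interface.

    client_behind_router=True: the client's packets leave through the
    interface (outbound direction). False: the client is on the far side,
    so its packets arrive on the interface (inbound direction) first.
    """
    intf = Interface()
    client = ("10.1.1.10", 40000)    # constructed sample addresses
    server = ("192.0.2.20", TELNET)
    if client_behind_router:
        syn = intf.outbound(*client, *server)   # creates the reflexive entry
        reply = intf.inbound(*server, *client)  # matched by "evaluate pat"
    else:
        syn = intf.inbound(*client, *server)    # pat is still empty here
        reply = intf.outbound(*server, *client) if syn == "permit" else "never sent"
    return syn, reply


if __name__ == "__main__":
    print("client behind router:", telnet_session(True))
    print("client on far side:  ", telnet_session(False))
```

In the second case the first packet of the session meets an empty reflexive list and is dropped by the implicit deny, which is the situation the replies about reversed access-groups describe.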
