I have a 2600 where we are using Reflexive access-lists.
I have noticed that if the source address is an interface that is on the router ie a loopback when testing then an entry is not created in teh acces-list so is refused for the inbound part. Is there by design or a bug.
I *think* this is by design but I cannot find it doc'ed anywhere. Perhaps someone else watching the forum can assist here. I don't think locally generated traffic is subject to an ACL applied outbound on the destination interface. Meaning, if this ACL never sees the traffic, it cannot be reflected to the inbound ACL and therefore, not allowed back in. I guess in most cases, people reflect on the ingress interface and evaluate on the egress interface. In cases like this, obviously locally generated traffic (traffic gen'ed from the router) is not going to be dynamically allowed back in. I know this is not concrete but I believe I can confirm what you found as a design limitation.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...