Reflexive Access Lists

Hi Gurus,

My reflexive access list is not working. Do you have any idea about it? Did I do the wrong config?

* I just want my telnet session reflected in the ACL.

ip access-list extended OUTR2
 permit tcp any any eq telnet reflect test
 deny ip any any
ip access-list extended INR2
 evaluate test
 deny ip any any
interface Ethernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip access-group INR2 in
 ip access-group OUTR2 out

1 REPLY

Re: Reflexive Access Lists

Hello William,

The first thing to do is to decide whether your scenario requires configuration on an internal interface (internal LAN) or an external interface.

In the case of an internal interface, which could fit your case:

Internal Interface Configuration Task List

To configure reflexive access lists for an internal interface, perform the following tasks:

1. Defining the reflexive access list(s) in an inbound IP extended named access list

2. Nesting the reflexive access list(s) in an outbound IP extended named access list

3. Setting a global timeout value

See

http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_cfg_ip_filter_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1001063

So probably you should try the opposite of what you have done.

Hope to help

Giuseppe
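
The internal-interface task list from the reply above, applied to the ACL names in the question, as an added example (not written by either poster and not taken from Cisco's guide). It assumes Ethernet0/0 faces the internal LAN and that the telnet sessions are started by LAN hosts; the 300-second timeout is a sample value.

```cisco
! Added example. Assumption: Ethernet0/0 is the internal (LAN-facing)
! interface and telnet sessions are initiated by hosts behind it.
!
! As posted (external-interface pattern): the OUTBOUND ACL reflects and the
! INBOUND ACL evaluates. The first telnet packet from a LAN host arrives
! inbound on Ethernet0/0, finds reflexive list "test" still empty, and is
! dropped by "deny ip any any" before anything can be reflected:
!
!   ip access-list extended OUTR2
!    permit tcp any any eq telnet reflect test
!    deny ip any any
!   ip access-list extended INR2
!    evaluate test
!    deny ip any any
!
! Internal-interface pattern, following steps 1-3 of the task list.
!
! Step 1: define the reflexive list in the inbound named extended ACL.
! Each permitted telnet session creates a temporary mirror entry in "test".
ip access-list extended INR2
 permit tcp any any eq telnet reflect test
 deny ip any any
!
! Step 2: nest the reflexive list in the outbound named extended ACL.
! Only return traffic matching a live entry in "test" is let back out
! toward the LAN; everything else is denied.
ip access-list extended OUTR2
 evaluate test
 deny ip any any
!
! Interface bindings are unchanged from the question.
interface Ethernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip access-group INR2 in
 ip access-group OUTR2 out
!
! Step 3: global idle timeout for reflexive entries, in seconds
! (sample value).
ip reflexive-list timeout 300
!
! Check: while a telnet session is open, "show ip access-lists" lists the
! reflexive list "test" with a temporary permit entry for the return flow.
```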
