Reflexive Access Lists

william2u
Level 1

Hi Gurus,

My Reflexive Access List is not working. Do you have any idea about it? Did I do the wrong config?

* I just want my telnet session reflected in the ACL.

ip access-list extended OUTR2
 permit tcp any any eq telnet reflect test
 deny ip any any
ip access-list extended INR2
 evaluate test
 deny ip any any
interface Ethernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip access-group INR2 in
 ip access-group OUTR2 out


Giuseppe Larosa
Hall of Fame

Hello William,

The first thing to do is to decide whether your scenario requires the configuration on an internal interface (internal LAN) or on an external interface.

In the case of an internal interface, which could fit your case:

Internal Interface Configuration Task List

To configure reflexive access lists for an internal interface, perform the following tasks:

1. Defining the reflexive access list(s) in an inbound IP extended named access list

2. Nesting the reflexive access list(s) in an outbound IP extended named access list

3. Setting a global timeout value

see

http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_cfg_ip_filter_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1001063

So probably you should try the opposite of what you have done.

Hope to help

Giuseppe
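Following the three internal-interface steps in the reply above, here is an added example configuration (it is not part of either post and is not the Cisco documentation text). It assumes that Ethernet0/0 (192.168.1.1/24) is the internal LAN interface and that telnet sessions are started by hosts on that LAN; it keeps William's ACL and reflexive list names and swaps the placement of `reflect` and `evaluate`:

```cisco
! Added example: reflexive ACL on an internal LAN interface.
! Assumption: Ethernet0/0 faces the internal LAN, so traffic from LAN
! hosts enters the router INBOUND on this interface.

! Step 1: the reflexive entry is created by the INBOUND ACL on the
! internal interface, i.e. when a LAN host opens a telnet session
! through the router.
ip access-list extended INR2
 permit tcp any any eq telnet reflect test
 deny ip any any

! Step 2: the reflexive list is nested (evaluated) in the OUTBOUND
! ACL on the same interface, so only the return traffic of sessions
! started from the LAN is allowed back towards the LAN.
ip access-list extended OUTR2
 evaluate test
 deny ip any any

! Step 3: global timeout (seconds) for the temporary entries;
! 120 is an example value chosen here, not a recommendation.
ip reflexive-list timeout 120

interface Ethernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip access-group INR2 in
 ip access-group OUTR2 out
```

To check that the reflection actually happens, open a telnet session from a LAN host and run `show ip access-lists`: the reflexive list `test` should then contain a temporary `permit tcp` entry whose source and destination are swapped relative to the packet that triggered it. If the list stays empty while the session is up, the `reflect` keyword is on the wrong side of the interface for the direction in which sessions are started.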
