John,

By default packets sourced by the router will not be affected by an outbound ACL. Since the outbound ACL does not "see" the telnet traffic sourced by the router, the router does not add an entry to the inbound ACL to allow the traffic to return. Try telnetting from behind R5.

Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tafasi
Sent: Friday, December 13, 2002 4:32 PM
To: Cisco Group Study; ccielab
Subject: problem with reflexive access list

Hello,

I have a problem telnetting from r5 to r2 when a reflexive IP access list is configured. Without the reflexive access list, the telnet works fine. The two routers are directly connected via their ethernet 0 interfaces. Could someone find out what is wrong with my configuration? Both routers are using their ethernet IP addresses for the source and destination of the telnet traffic.

hostname r5
!
ip reflexive-list timeout 1000
!
ip access-list extended inboundfilter
 permit igrp any any
 evaluate tcptraffic
ip access-list extended outboundfilter
 permit tcp any any reflect tcptraffic timeout 5000
!
interface Ethernet0
 ip address 10.10.110.3 255.255.255.0
 ip access-group inboundfilter in
 ip access-group outboundfiler out
 ntp disable

================

hostname r2
!
interface Ethernet0
 ip address 10.10.110.16 255.255.255.0
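The behaviour described in the reply above, as a small Python model added here for illustration (not code from either poster, and not how IOS is implemented). It assumes the outbound ACL outboundfilter is the one applied on Ethernet0, ignores timeouts, and uses a constructed host address 10.10.50.7 for a client behind r5; the class and function names are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class ReflexiveInterface:
    """Toy model of r5 Ethernet0: outbound ACL reflects TCP, inbound ACL evaluates."""
    reflected: set = field(default_factory=set)  # dynamic entries of 'tcptraffic'

    def send(self, pkt, locally_originated):
        # Packets sourced by the router itself are not checked by the outbound
        # ACL, so 'permit tcp any any reflect tcptraffic' never sees them.
        if locally_originated:
            return True
        if pkt.proto == "tcp":
            # reflect: record the mirrored flow so the return traffic is permitted
            self.reflected.add(Packet("tcp", pkt.dst, pkt.dport, pkt.src, pkt.sport))
            return True
        return False  # implicit deny at the end of outboundfilter

    def receive(self, pkt):
        if pkt.proto == "igrp":        # permit igrp any any
            return True
        return pkt in self.reflected   # evaluate tcptraffic, then implicit deny

def telnet_works(src, sport, dst, locally_originated):
    """True if the SYN leaves and the SYN-ACK from port 23 is allowed back in."""
    iface = ReflexiveInterface()
    if not iface.send(Packet("tcp", src, sport, dst, 23), locally_originated):
        return False
    return iface.receive(Packet("tcp", dst, 23, src, sport))

def unsolicited_inbound_allowed():
    """An inbound TCP packet with no matching reflected entry."""
    return ReflexiveInterface().receive(Packet("tcp", "10.10.110.16", 4000, "10.10.110.3", 23))

if __name__ == "__main__":
    # Telnet sourced by r5 itself: no reflected entry, return traffic dropped.
    print("from r5 itself:", telnet_works("10.10.110.3", 11000, "10.10.110.16", True))
    # Telnet from a host behind r5 (constructed address): transit traffic is reflected.
    print("from behind r5:", telnet_works("10.10.50.7", 11001, "10.10.110.16", False))
```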

