I tried that too and it did not work. ----- Original Message ----- From: "Brian Dennis" To: "'John Tafasi'" ; "'Cisco Group Study'" ; "'ccielab'" Sent: Friday, December 13, 2002 11:56 PM Subject: RE: problem with reflexive access list
> John, > By default packets sourced by the router will not be affected by an > outbound ACL. Since the outbound ACL does not "see" the telnet traffic > sourced by the router, the router does not add an entry to the inbound > ACL to allow the traffic to return. Try telneting from behind R5. > > Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security) > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of > John Tafasi > Sent: Friday, December 13, 2002 4:32 PM > To: Cisco Group Study; ccielab > Subject: problem with reflexive access list > > Hello, > > I have a problem telneting from r5 to r2 when reflexive ip access list > is > configured. Without the reflexive access list, the telnet will work > fine. > The two routers are directly connect via their ethernet 0 interfaces. > Could > some one find out what is wrong with my configuration. Both routers are > using their ethernet ip addresses for source and destination of the > telnet > traffic. > > > hostname r5 > ! > ip reflexive-list timeout 1000 > ! > ip access-list extended inboundfilter > permit igrp any any > evaluate tcptraffic > ip access-list extended outboundfilter > permit tcp any any reflect tcptraffic timeout 5000 > ! > interface Ethernet0 > ip address 10.10.110.3 255.255.255.0 > ip access-group inboundfilter in > ip access-group outboundfiler out > ntp disable > > ================ > > hostname r2 > ! > interface Ethernet0 > ip address 10.10.110.16 255.255.255.0 > . Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59214&t=59214 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]