Thank you Brian, that was why it did not work. Now it is working.

----- Original Message -----
From: "Brian Dennis"
To: "'John Tafasi'" ; "'Cisco Group Study'" ; "'ccielab'"
Sent: Saturday, December 14, 2002 12:35 PM
Subject: RE: problem with reflexive access list

> You also misspelled "outboundfilter" when you applied it to Ethernet 0.
>
> Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security)
>
> -----Original Message-----
> From: John Tafasi [mailto:[EMAIL PROTECTED]]
> Sent: Friday, December 13, 2002 11:43 PM
> To: Brian Dennis; 'Cisco Group Study'; 'ccielab'
> Subject: Re: problem with reflexive access list
>
> I tried that too and it did not work.
>
> ----- Original Message -----
> From: "Brian Dennis"
> To: "'John Tafasi'" ; "'Cisco Group Study'" ; "'ccielab'"
> Sent: Friday, December 13, 2002 11:56 PM
> Subject: RE: problem with reflexive access list
>
> > John,
> > By default, packets sourced by the router will not be affected by an
> > outbound ACL. Since the outbound ACL does not "see" the telnet traffic
> > sourced by the router, the router does not add an entry to the inbound
> > ACL to allow the traffic to return. Try telnetting from behind R5.
> >
> > Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security)
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> > John Tafasi
> > Sent: Friday, December 13, 2002 4:32 PM
> > To: Cisco Group Study; ccielab
> > Subject: problem with reflexive access list
> >
> > Hello,
> >
> > I have a problem telnetting from r5 to r2 when a reflexive IP access list
> > is configured. Without the reflexive access list, the telnet will work
> > fine. The two routers are directly connected via their ethernet 0
> > interfaces. Could someone find out what is wrong with my configuration?
> > Both routers are using their ethernet IP addresses for source and
> > destination of the telnet traffic.
> >
> > hostname r5
> > !
> > ip reflexive-list timeout 1000
> > !
> > ip access-list extended inboundfilter
> >  permit igrp any any
> >  evaluate tcptraffic
> > ip access-list extended outboundfilter
> >  permit tcp any any reflect tcptraffic timeout 5000
> > !
> > interface Ethernet0
> >  ip address 10.10.110.3 255.255.255.0
> >  ip access-group inboundfilter in
> >  ip access-group outboundfiler out
> >  ntp disable
> >
> > ================
> >
> > hostname r2
> > !
> > interface Ethernet0
> >  ip address 10.10.110.16 255.255.255.0

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59232&t=59232