Reflexive Access List
One thing to keep in mind: router-generated traffic is not checked against outbound filters. You could apply an ACL that denies all traffic outbound on an interface and still be able to ping from that router to a neighbor router. So you will not have a reflection back for your router-generated traffic if you are using reflexive lists. This may have something to do with it, but I cannot tell for sure because I don’t know the topology or where you have applied these ACLs specifically. You may want to upload the configs of the ACLs and the interfaces you have applied them to.
Thanks, Chris
On 4/30/08 2:37 PM, “olumayokun fowowe” wrote:
> Hello all,
>
> I was listening to the Internetwork Expert CoD on Security. My problem has
> to do with the Reflexive access list part, where we have MYFWEVAL and
> MYFWREFLECT. In the CoD, MYFWEVAL was applied IN on the serial interface and
> MYFWREFLECT as OUT on the same interface. When I tried replicating this with
> dynamips, I couldn’t ping R5 nor R4 until I inverted the access list. I
> applied MYFWREFLECT as IN and MYFWEVAL as out, then the Reflexive access
> list worked. Please can anybody tell me the correct implementation.
> Thanks.
>
> Pass the CCIE in six weeks, Guaranteed!
> http://www.certscience.com/CCIE
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Chris S. McGuire Network Engineer Phone: 801-456-1028 Fax: 801-456-1010 Email: cmcguire@firstdigital.com
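Added example, not part of the original thread or the CoD material: a minimal IOS configuration with the ACL placement the question describes (MYFWEVAL in, MYFWREFLECT out on the outside-facing serial interface). The interface name Serial0/0, the temporary list name MYSESSIONS and the reflected protocols are assumptions chosen for illustration.

```cisco
! Outbound ACL: traffic leaving through the interface creates temporary
! mirror-image entries in the reflexive list MYSESSIONS (assumed name).
ip access-list extended MYFWREFLECT
 permit tcp any any reflect MYSESSIONS
 permit udp any any reflect MYSESSIONS
 permit icmp any any reflect MYSESSIONS
!
! Inbound ACL: only packets matching an entry in MYSESSIONS are allowed
! back in; everything else is dropped.
! Assumption: any traffic that must arrive unsolicited (for example a
! routing protocol running over this link) needs its own permit line
! above the final deny.
ip access-list extended MYFWEVAL
 evaluate MYSESSIONS
 deny ip any any
!
! Serial0/0 is an assumed name for the outside-facing interface.
interface Serial0/0
 ip access-group MYFWEVAL in
 ip access-group MYFWREFLECT out
!
! Verification from exec mode:
!   show access-lists MYSESSIONS
! Entries appear only for sessions that passed through MYFWREFLECT.
! A ping sourced from this router itself is not checked against the
! outbound ACL, so it creates no entry and its echo replies are dropped
! by MYFWEVAL. Test with a ping from a host or router behind this one.
```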
























