3.5 R4 ACLs

Wouldn't we need to also update the inbound ACL that is being reflected off the outbound ACL to allow the return traffic for both 3.4 and 3.5 since it isn't being reflected? So something like:

R4#show ip access
Extended IP access list INBOUND
5 evaluate MIRROR
10 permit tcp any eq bgp any
25 permit tcp any host neq smtp
30 permit tcp host any eq bgp (141 matches)
50 permit udp any any eq ntp (48 matches)
60 permit tcp any eq www established
70 deny tcp any any eq www established time-range WEB-ACCESS (inactive)

Reflexive IP access list MIRROR

Extended IP access list REFLECT
3 permit tcp any eq www
5 deny tcp any any eq www time-range WEB-ACCESS (inactive)
10 permit tcp any any reflect MIRROR (34 matches)
20 permit udp any any reflect MIRROR

I don't think it would work without making these changes.
