3.5 R4 ACLs

Wouldn't we need to also update the inbound ACL that is being reflected off the outbound ACL to allow the return traffic for both 3.4 and 3.5 since it isn't being reflected? So something like:

R4#show ip access
Extended IP access list INBOUND
5 evaluate MIRROR
10 permit tcp any eq bgp any
25 permit tcp any host 204.12.1.100 neq smtp
30 permit tcp host 204.12.1.254 any eq bgp (141 matches)
50 permit udp any any eq ntp (48 matches)
60 permit tcp 50.0.200.4 1.1.1.1 any eq www established
70 deny tcp any any eq www established time-range WEB-ACCESS (inactive)


Reflexive IP access list MIRROR

Extended IP access list REFLECT
3 permit tcp any 50.0.200.4 1.1.1.1 eq www
5 deny tcp any any eq www time-range WEB-ACCESS (inactive)
10 permit tcp any any reflect MIRROR (34 matches)
20 permit udp any any reflect MIRROR
R4#

I don't think it would work without making these changes.

Regards,
Nick
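
The first-match behaviour the post asks about, modelled as an added example that is not part of the original post or the lab's solution. It is a simplified model of reflexive ACL processing; the inside host 10.0.0.5, the port numbers and all function names are constructed for illustration.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")  # base address, wildcard mask

def ip_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

# Outbound list modelled on REFLECT from the post; the inactive time-range
# deny (seq 5) is left out. Fields: proto, src, dst, dst_port, has_reflect_keyword
OUTBOUND = [
    ("tcp", ANY, ("50.0.200.4", "1.1.1.1"), 80, False),  # seq 3, no reflect
    ("tcp", ANY, ANY, None, True),                        # seq 10, reflect MIRROR
    ("udp", ANY, ANY, None, True),                        # seq 20, reflect MIRROR
]

def send_outbound(pkt, mirror):
    """First matching permit wins; only a 'reflect' entry records the session."""
    for proto, src, dst, dport, reflect in OUTBOUND:
        if (pkt["proto"] == proto and ip_match(pkt["src"], *src)
                and ip_match(pkt["dst"], *dst) and dport in (None, pkt["dport"])):
            if reflect:
                # Temporary entry with source and destination swapped
                mirror.add((proto, pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"]))
            return True
    return False  # implicit deny

def reply_in_mirror(pkt, mirror):
    """Inbound 'evaluate MIRROR': is the reply to pkt covered by a reflected entry?"""
    return (pkt["proto"], pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"]) in mirror

def demo():
    # Constructed flows; 10.0.0.5 is a hypothetical inside host
    web = {"proto": "tcp", "src": "10.0.0.5", "sport": 40000, "dst": "50.0.200.4", "dport": 80}
    telnet = dict(web, sport=40001, dport=23)
    mirror, results = set(), {}
    for name, pkt in (("web", web), ("telnet", telnet)):
        results[name] = (send_outbound(pkt, mirror), reply_in_mirror(pkt, mirror))
    return results

if __name__ == "__main__":
    for name, (sent, reflected) in demo().items():
        print(f"{name}: permitted outbound={sent}, reply matched by MIRROR={reflected}")
```

The web flow leaves through seq 3 and never reaches a `reflect` entry, so its reply has to be matched by an explicit inbound line; the telnet flow falls through to seq 10 and is mirrored.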