Re: Reflexive ACL posted 06/18/2008


Hi Nit,
The routers do what we want them to do. It is basically a software
algorithm that makes the router decide what to do with a packet. Doc CD says
locally originated traffic is not checked by the outbound access list (it
could have been the opposite; the IOS designers wanted this operation and
compiled it to work this way) and this information is enough for us to
configure the reflexive access lists properly. We don't need to know the
whole IOS software and the detailed operation of the router to do this.
However, if you are interested, you may find the following book useful:
"Inside Cisco IOS Architectures, Cisco Press."
Kind Regards
Ahmet

----- Original Message ----
From: Nitro Drops <nitrodrops@xxxxxxxxxxx>
To: ahmet seckin <elektronikadam@xxxxxxxxx>; ccielab@xxxxxxxxxxxxxx
Sent: Wednesday, June 18, 2008 3:29:55 AM
Subject: RE: Reflexive ACL

Thanks mate.

But how come the local traffic is not hitting outbound ACL?

> Date: Tue, 17 Jun 2008 14:06:43 -0700
> From: elektronikadam@xxxxxxxxx
> Subject: Re: Reflexive ACL
> To: nitrodrops@xxxxxxxxxxx; ccielab@xxxxxxxxxxxxxx
>
> Hi Nit,
> The traffic that hits the incoming ACL is not the local traffic. It is
> the traffic that comes from the other party, destined to local ip address.
> It makes sense to check every packet that comes from outer world (we may
> not want to send everybody to telnet to the device for example), but it is
> OK not to apply the filtering policy if WE (router) are trying to send a
> packet to outer world.
> Cheers
> Ahmet
>
> ----- Original Message ----
> From: Nitro Drops <nitrodrops@xxxxxxxxxxx>
> To: ccielab@xxxxxxxxxxxxxx
> Sent: Tuesday, June 17, 2008 12:08:44 PM
> Subject: Reflexive ACL
> 
> Hi Guys,
>
> Was studying security today. Came across Reflexive ACL. It says 'local
> traffic is not reflected when it is sourced by the local router'.
>
> I understand that it is not reflected because the local traffic is not
> hitting the outbound ACL, but why isn't the local traffic hitting the
> outbound ACL? And yet it is able to hit inbound ACL?
>
> Any guru can kindly explain a bit more.
>
> Cheers
> Nit
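
A simplified model of the behaviour discussed in this thread, added here as an illustration (it is not part of any message and is not IOS code): transit traffic passes the outbound ACL and creates a reflected entry, while router-originated traffic skips the outbound ACL, so its replies are dropped by the inbound ACL. The names `Packet`, `Router`, `send_out`, `receive_in`, `reply_to` and all addresses are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


class Router:
    """Outside interface with 'permit ... reflect' outbound and 'evaluate' inbound."""

    def __init__(self, local_ips):
        self.local_ips = set(local_ips)
        self.reflected = set()  # temporary entries created by the outbound ACL

    def send_out(self, pkt):
        if pkt.src in self.local_ips:
            # Locally originated: the outbound ACL is not consulted,
            # so no reflected entry is ever created for this flow.
            return "sent (outbound ACL skipped)"
        # Transit traffic matches the outbound 'reflect' statement, which
        # installs the mirror-image entry for the return direction.
        self.reflected.add((pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport))
        return "sent (reflected)"

    def receive_in(self, pkt):
        # The inbound ACL applies to everything arriving from outside,
        # including packets destined to the router's own address.
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return "permit" if key in self.reflected else "deny"


def reply_to(pkt):
    """Build the return packet for a flow (addresses and ports swapped)."""
    return Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)


def demo():
    router = Router(local_ips={"192.0.2.1"})          # constructed addresses
    flows = {
        "transit": Packet("10.0.0.5", 40000, "198.51.100.7", 23),
        "local": Packet("192.0.2.1", 40001, "198.51.100.7", 23),
    }
    results = {}
    for name, pkt in flows.items():
        router.send_out(pkt)
        results[name] = router.receive_in(reply_to(pkt))
    return results


if __name__ == "__main__":
    print(demo())
```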