11-26-2024 01:08 AM
Hi, is there a version of ios-xe supporting reflexive access list? I try to migrate a config fotm c897va to a c1117 and the reflexive or evaluate keywords are unknown. (17.12.4 is,on thd device) Or has the syntax changed?
Is there a script to convert such ACLs to use the ios firewall feature, or has someone tips how to transfer functionality?
11-26-2024 01:17 AM
you need to use Zone firewall instead
use class-map inspect the ACL of traffic
policy-map inspect the class-map above and action will be inspect
zone pair between two interface
this same as reflexive ACL I think
MHM
11-26-2024 03:57 AM
The limitation is related to ISR1100 not with the IOS-XE specifically
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide