Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
480
Views
0
Helpful
1
Replies

Problem with reflexive ACLs

Rob
Level 1
Level 1

‎01-17-2014 12:30 PM - edited ‎03-11-2019 08:32 PM

Hello,

I've created a reflexive ACL to allow IP SLA flows between two routers.  Looking at the ACL counters, none of the outbound or inbound IP SLA permit statements are incrementing.  Looking at the logs, I can see that my IP SLA return traffic is being blocked by the inbound ACL (I created a "deny ip any any log" at the end of my inbound ACL).  Since the outbound reflexive statements aren't handling the outbound traffic (the counters aren't incrementing), the inbound reflexive ACL statements aren't being built.  When I remove the ACLs, the IP SLA traffic flows normally.

Do ACLs apply to network traffic originated from the router?  If not, how could I build a reflexive ACL to support IP SLA traffic?

Thanks,

Rob

Labels:
Preview file
267 KB
0 Helpful
1 Reply 1

Julio Carvajal
VIP Alumni
VIP Alumni

‎01-17-2014 10:11 PM

Hello Robert,

Traffic generated from the routed itself is not taken into consideration for Reflexive ACLs sessions

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card