ASR1001 IOS XE 3.2.0S Reflexive Access Lists

Stefan Giera
Level 1

Hi there,

We bought some ASR 1001 because we need the reflexive ACL feature.

We have now received and tested them, but although Feature Navigator says that reflexive ACLs are available for IOS XE 3.2.0S, I am not able to configure reflexive ACLs on the ASR:

Router(config)#ip access-list extended test
Router(config-ext-nacl)#permit udp any any  ?
  dscp        Match packets with given dscp value
  eq          Match only packets on a given port number
  fragments   Check non-initial fragments
  gt          Match only packets with a greater port number
  log         Log matches against this entry
  log-input   Log matches against this entry, including input interface
  lt          Match only packets with a lower port number
  neq         Match only packets not on a given port number
  option      Match packets with given IP Options value
  precedence  Match packets with given precedence value
  range       Match only packets in the range of port numbers
  time-range  Specify a time-range
  tos         Match packets with given TOS value
  <cr>

Router(config-ext-nacl)#permit tcp any any  ?
  ack          Match on the ACK bit
  dscp         Match packets with given dscp value
  eq           Match only packets on a given port number
  established  Match established connections
  fin          Match on the FIN bit
  fragments    Check non-initial fragments
  gt           Match only packets with a greater port number
  log          Log matches against this entry
  log-input    Log matches against this entry, including input interface
  lt           Match only packets with a lower port number
  match-all    Match if all specified flags are present
  match-any    Match if any specified flag is present
  neq          Match only packets not on a given port number
  option       Match packets with given IP Options value
  precedence   Match packets with given precedence value
  psh          Match on the PSH bit
  range        Match only packets in the range of port numbers
  rst          Match on the RST bit
  syn          Match on the SYN bit
  time-range   Specify a time-range
  tos          Match packets with given TOS value
  urg          Match on the URG bit
  <cr>

Is this an error on the Feature Navigator or am I too stupid to configure this?

Thanks for any answers ;-)

Here is what "sh ver" says on the router:

Router#sh ver
Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-UNIVERSAL-M), Version 15.1(1)S, RELEASE SOFTWARE (fc1)
License Package Information for Module:'asr1001'
ROM: IOS-XE ROMMON
Router uptime is 20 hours, 2 minutes
Uptime for this control processor is 20 hours, 3 minutes
System returned to ROM by reload at 04:33:34 UTC Sun Jul 17 2011
System image file is "bootflash:asr1001-universal.03.02.00.S.151-1.S.bin"
Last reload reason: PowerOn

Module name   Image level          Priority   Configured   Valid license
asr1001       adventerprise        1          NO           adventerprise
              advipservices        2          NO           advipservices
              ipbase               3          NO           ipbase

Current License Level: ipbase

cisco ASR1001 (1RU) processor with 1217912K/6147K bytes of memory.
4 Gigabit Ethernet interfaces
1 Ten Gigabit Ethernet interface
32768K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
7782399K bytes of eUSB flash at bootflash:.

Configuration register is 0x2102
