PG1X WIKI

My Knowledge Base


WIP: Cisco: Reflexive ACL

Tasks

  1. ACL established: ICMP ping
  2. ACL established: UDP: DNS Query
  3. ACL established: TCP: Passive
  4. ACL established: TCP: Active
  5. Reflexive ACL: ICMP ping
  6. Reflexive ACL: UDP: DNS Query
  7. Reflexive ACL: TCP: Passive
  8. Reflexive ACL: TCP: Active
  9. CBAC: ICMP ping
  10. CBAC: UDP: DNS Query
  11. CBAC: TCP: Passive
  12. CBAC: TCP: Active

Topology Redistribute static route with tag ac6665a0-c406-4f46-8b30-b205290aedb7

network-security.acl.reflexive-acl.2rt.2sw.4node.1ext-conn.static.ac6665a0

- Topology Description: Redistribute static route with tag
- Topology ID: ac6665a0-c406-4f46-8b30-b205290aedb7
- Design and Technology:
  - PBR
  - route-map
  - Routing Protocol
    - static
    - OSPF
  - 3 routers
  - 0 servers
- Remarks: N/A

### Links

WIP: Cisco: Reflexive ACL [PG1X WIKI]
https://pg1x.com/tech:network:cisco:security:network-security:acl:reflexive-acl:reflexive-acl

Base Configuration

Common Configuration Snippet

trex-0

trex-1

ubuntu-0

ubuntu-1

R1

R2

Configure Reflexive ACL

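configure terminal
!
! Outbound: each permitted TCP session adds a temporary mirrored entry to
! REFLECT_TCP, removed after 120 seconds without matching traffic.
ip access-list extended ACL_OUTBOUND
 permit icmp any any
 permit tcp any any reflect REFLECT_TCP timeout 120
!
! Inbound: ICMP is permitted statically; TCP is permitted only when it
! matches an entry in REFLECT_TCP.
ip access-list extended ACL_INBOUND
 permit icmp any any
 evaluate REFLECT_TCP
!
interface GigabitEthernet 0/0
 ip access-group ACL_OUTBOUND out
 ip access-group ACL_INBOUND in
!
end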
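
How the reflect/evaluate pair above treats the traffic types in the task list, as an added Python model that is not part of the original wiki page and is not Cisco code. It assumes the "TCP: Passive" and "TCP: Active" tasks refer to FTP data-connection modes; the addresses and ports are constructed sample values.

```python
from collections import namedtuple

TIMEOUT = 120  # seconds, from "reflect REFLECT_TCP timeout 120"
Pkt = namedtuple("Pkt", "proto src sport dst dport")

class ReflexiveAcl:
    """Toy model of ACL_OUTBOUND / ACL_INBOUND; FIN/RST teardown is not modelled."""
    def __init__(self, timeout=TIMEOUT):
        self.timeout = timeout
        self.reflect_tcp = {}  # mirrored flow -> time it was last matched

    def outbound(self, p, now):
        if p.proto == "icmp":              # permit icmp any any
            return True
        if p.proto == "tcp":               # permit tcp any any reflect REFLECT_TCP
            mirror = Pkt("tcp", p.dst, p.dport, p.src, p.sport)
            self.reflect_tcp[mirror] = now
            return True
        return False                       # implicit deny (UDP included)

    def inbound(self, p, now):
        if p.proto == "icmp":              # permit icmp any any
            return True
        last = self.reflect_tcp.get(p)     # evaluate REFLECT_TCP
        if last is not None and now - last <= self.timeout:
            self.reflect_tcp[p] = now      # assumption: a match resets the idle timer
            return True
        self.reflect_tcp.pop(p, None)      # expired or never created
        return False                       # implicit deny

def demo():
    """Constructed flows; addresses are documentation ranges, ports are made up."""
    acl, c, s = ReflexiveAcl(), "192.0.2.10", "198.51.100.20"
    return {
        "ctrl_out":    acl.outbound(Pkt("tcp", c, 40000, s, 21), 0),
        "ctrl_reply":  acl.inbound(Pkt("tcp", s, 21, c, 40000), 1),
        "pasv_out":    acl.outbound(Pkt("tcp", c, 40001, s, 50000), 2),
        "pasv_reply":  acl.inbound(Pkt("tcp", s, 50000, c, 40001), 3),
        "active_data": acl.inbound(Pkt("tcp", s, 20, c, 40002), 4),
        "dns_query":   acl.outbound(Pkt("udp", c, 53000, s, 53), 5),
        "stale_reply": acl.inbound(Pkt("tcp", s, 21, c, 40000), 200),
    }

if __name__ == "__main__":
    for name, permitted in demo().items():
        print(f"{name:12} {'permit' if permitted else 'deny'}")
```

The server-initiated active-mode data connection and the UDP DNS query are both denied by this configuration as written, while ICMP passes in both directions without any session state.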

References

tech/network/cisco/security/network-security/acl/reflexive-acl/reflexive-acl.txt · Last modified: 2020/09/13 20:23 by wnoguchi