Reflexive access list

evarney Posts: 68 Member
I have no idea what the hell this is. What does this do? I don't remember reading about it at all.

Comments

  • atorven Posts: 319 Member
    I was going to write a whole bunch of stuff but Jeremy Stretch explained it better than I could.

    Reflexive access lists - PacketLife.net

    One thing that I discovered when testing these ACLs in GNS3 is that the router doing the reflecting cannot reflect its own sourced outbound traffic; just keep that in mind.
  • docrice Posts: 1,706 Member
    Reflexive ACLs are rarely used in my experience. They're cumbersome to manage, although I use them to a small degree at home. When you have firewalls that can handle stateful inspection processing (rather than just stateful filtering via reflexive ACLs), it's sort of pointless if you don't have at least some degree of application-level inspection involved for dynamic protocols like SIP and FTP.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
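
The two limits raised in the comments above (router-sourced traffic is not reflected, and dynamic protocols such as active-mode FTP need more than mirrored entries) can be seen in a toy model. This is an added example, not code from any poster or from Cisco IOS; the class, function names, addresses and ports are constructed for illustration, and entry timeouts are not modelled.

```python
# Added illustration: a toy model of reflexive ACL behaviour, not Cisco IOS code.
from collections import namedtuple

# All addresses and ports below are constructed sample values.
Packet = namedtuple("Packet", "proto src sport dst dport")

class ReflexiveAcl:
    """Outbound 'permit ... reflect' plus inbound 'evaluate' on one interface."""

    def __init__(self):
        self.reflected = set()  # temporary mirrored entries (timeouts not modelled)

    def outbound(self, pkt, router_originated=False):
        # Assumption taken from the thread: traffic sourced by the router
        # itself is not reflected, so no return entry is created for it.
        if not router_originated:
            self.reflected.add(Packet(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport))
        return True  # the outbound policy in this model permits everything

    def inbound(self, pkt):
        # Permit only an exact mirror of a flow seen leaving; else implicit deny.
        return pkt in self.reflected

def reply_to(pkt):
    """Build the return packet for a flow by swapping its endpoints."""
    return Packet(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)

def run_scenarios():
    acl = ReflexiveAcl()
    results = {}
    web = Packet("tcp", "10.0.0.5", 40000, "203.0.113.10", 80)
    acl.outbound(web)
    results["transit_reply"] = acl.inbound(reply_to(web))
    ntp = Packet("udp", "198.51.100.1", 50000, "203.0.113.10", 123)
    acl.outbound(ntp, router_originated=True)
    results["router_reply"] = acl.inbound(reply_to(ntp))
    ctrl = Packet("tcp", "10.0.0.5", 40001, "203.0.113.20", 21)
    acl.outbound(ctrl)
    results["ftp_control_reply"] = acl.inbound(reply_to(ctrl))
    # Active FTP: the client names port 40002 inside the control payload,
    # which the ACL never reads, so the server's data connection has no entry.
    data = Packet("tcp", "203.0.113.20", 20, "10.0.0.5", 40002)
    results["ftp_active_data"] = acl.inbound(data)
    return results

if __name__ == "__main__":
    for name, allowed in run_scenarios().items():
        print(f"{name}: {'permit' if allowed else 'deny'}")
```
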