Reflexive access list
evarney
Member Posts: 68
I have no idea what the hell this is. What does this do? I don't remember reading about it at all.
Comments
atorven
Member Posts: 319
I was going to write a whole bunch of stuff but Jeremy Stretch explained it better than I could.
Reflexive access lists - PacketLife.net
One thing that I discovered when testing these ACLs in GNS3 is that the router doing the reflecting cannot reflect its own sourced outbound traffic; just keep that in mind.
docrice
Member Posts: 1,706
Reflexive ACLs are rarely used in my experience. They're cumbersome to manage, although I use them to a small degree at home. When you have firewalls that can handle stateful inspection processing (rather than just stateful filtering via reflexive ACLs), it's sort of pointless if you don't have at least some degree of application-level inspection involved for dynamic protocols like SIP and FTP.
Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
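
Added example, not part of the thread: a toy Python model of a reflexive ACL, showing the two limits the replies mention (router-sourced traffic is not reflected, and an active-mode FTP data connection has no mirrored entry). All addresses, ports, class and function names are constructed; only the idle timeout is modelled, not TCP FIN/RST teardown.

```python
from collections import namedtuple

# Constructed model for illustration; addresses are RFC 5737 documentation ranges.
Packet = namedtuple("Packet", "proto src sport dst dport")

class ReflexiveAcl:
    """Toy reflexive ACL on a router's outside interface (idle timeout only)."""

    def __init__(self, timeout=300):
        self.timeout = timeout
        self.reflected = {}  # mirrored 5-tuple -> expiry time

    def outbound(self, pkt, now, router_originated=False):
        """Outbound 'permit ... reflect': pass the packet and record its mirror."""
        if not router_originated:
            # Packets the router itself sources skip the outbound ACL,
            # so no temporary entry is created for them.
            mirror = Packet(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
            self.reflected[mirror] = now + self.timeout
        return True

    def inbound(self, pkt, now):
        """Inbound 'evaluate': permit only live mirrored entries, else deny."""
        expiry = self.reflected.get(pkt)
        if expiry is None or now > expiry:
            self.reflected.pop(pkt, None)
            return False
        self.reflected[pkt] = now + self.timeout  # session traffic resets idle timer
        return True

def demo():
    acl = ReflexiveAcl()
    client, server, router = "192.0.2.5", "203.0.113.10", "198.51.100.1"
    seen = {}
    # Inside host opens the FTP control channel; the reply matches the mirror.
    acl.outbound(Packet("tcp", client, 40000, server, 21), now=0)
    seen["ftp_control_reply"] = acl.inbound(Packet("tcp", server, 21, client, 40000), now=1)
    # Active-mode FTP data: server connects from port 20 to a port named only in
    # the control payload, which a reflexive ACL never reads.
    seen["ftp_active_data"] = acl.inbound(Packet("tcp", server, 20, client, 40001), now=2)
    # Router-sourced NTP query: nothing reflected, so the reply is dropped.
    acl.outbound(Packet("udp", router, 123, server, 123), now=3, router_originated=True)
    seen["router_ntp_reply"] = acl.inbound(Packet("udp", server, 123, router, 123), now=4)
    # Control channel idle past the timeout: the temporary entry is gone.
    seen["after_idle_timeout"] = acl.inbound(Packet("tcp", server, 21, client, 40000), now=1000)
    return seen

if __name__ == "__main__":
    print(demo())
```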