December 13, 2008
Posted by bcarroll
IPexpert CCIE Security Lab 1
Not a bad lab night. I only did 2 sections of lab 1, so I am going to continue this post later. The one thing that was good to be reminded of has to do with Reflexive ACLs.
TIP:
When testing Reflexive ACLs, the /source-interface option does not cause the ACL to evaluate. To test, use a different device.
I’ll continue to work through IPexpert's lab guide. The last time I went through this lab was 4/15/07. I guess it was due.
More later.
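A minimal reflexive ACL setup that shows why the tip matters, as an added example that is not taken from the IPexpert lab or the original post. The interface name, ACL names and timeout are assumptions.

```cisco
! Assumed topology: inside host -- R1 (Fa0/1 faces outside) -- outside host
!
! Outbound ACL: sessions leaving through Fa0/1 create temporary
! mirror entries in the reflexive list MIRROR.
ip access-list extended OUTBOUND
 permit tcp any any reflect MIRROR timeout 300
 permit udp any any reflect MIRROR
 permit icmp any any reflect MIRROR
!
! Inbound ACL: only return traffic matching a MIRROR entry is allowed.
ip access-list extended INBOUND
 evaluate MIRROR
 deny ip any any log
!
interface FastEthernet0/1
 ip access-group OUTBOUND out
 ip access-group INBOUND in
!
! Testing:
!  - Traffic generated by R1 itself (for example a ping or telnet sourced
!    from one of its interfaces) is not checked against OUTBOUND, so no
!    MIRROR entry is created and the replies hit "deny ip any any".
!  - Generate the test traffic from the inside host instead, so it
!    transits R1 and is matched by the "reflect" entries.
!
! Verify on R1 after sending transit traffic; the temporary entries
! appear under the reflexive list:
!   show ip access-lists MIRROR
```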


1 Comment
December 14, 2008
That’s a good point. Seems counter-intuitive that packets egressing a router are not matched against the outbound ACL, and thus the reflexive entry isn’t created.