- Posts: 3
- Thank you received: 0
I am having problem in access list
17 years 8 months ago #19931
by kzrizvi
I am having problem in access list was created by kzrizvi
access-list 102 permit ip 10.211.200.0 0.0.0.255 any
this is my ethernet ip range.
and on serial port I assign
wan port is unnumbered ethernet
IP access-group 102 out
when i use this access list the remote ip ping lost. means i am not able to access any thing from remote location. but the connectivity is through.
what would be the problem. pls resolve it.
this is my ethernet ip range.
and on serial port I assign
wan port is unnumbered ethernet
IP access-group 102 out
when i use this access list the remote ip ping lost. means i am not able to access any thing from remote location. but the connectivity is through.
what would be the problem. pls resolve it.
17 years 8 months ago #19932
by kzrizvi
Replied by kzrizvi on topic Re: I am having problem in access list
access-list 102 permit ip 10.211.200.0 0.0.0.255 any
this is my ethernet ip range.
and on serial port I assign
wan port is unnumbered ethernet
IP access-group 102 out
when i use this access list the remote ip ping lost. means i am not able to access any thing from remote location. but the connectivity is through.
what would be the problem. pls resolve it.
17 years 8 months ago #19933
by S0lo
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
Replied by S0lo on topic Re: I am having problem in access list
I assume that your pinging your ethernet subnet from something past the serial port. If this is the case, then yes, it will not work since the reply of pings will be blocked.
Can you explain more what you are trying to do ?
Can you explain more what you are trying to do ?
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
17 years 8 months ago #19934
by kzrizvi
Replied by kzrizvi on topic Re: I am having problem in access list
interface FastEthernet0/0
ip address 10.x.x.x 255.255.255.0
ip access-group 103 in
!
interface Serial0/2
ip unnumbered FastEthernet0/0
ip access-group 102 out
!
ip access-list 102 permit ip 10.x.x.0 0.0.0.255 any
!
ip access-list 103 deny tcp any any eq 135
ip access-list 103 deny udp any any eq 137
ip access-list 103 deny udp any any eq 138
ip access-list 103 deny udp any any eq 139
ip access-list 103 permit ip any any
this config should be on all network with their own ethernet ip.
I dont know why it is not working. when i add the 102 access list we got disconnected from our remote location. pls help me out asap.
ip address 10.x.x.x 255.255.255.0
ip access-group 103 in
!
interface Serial0/2
ip unnumbered FastEthernet0/0
ip access-group 102 out
!
ip access-list 102 permit ip 10.x.x.0 0.0.0.255 any
!
ip access-list 103 deny tcp any any eq 135
ip access-list 103 deny udp any any eq 137
ip access-list 103 deny udp any any eq 138
ip access-list 103 deny udp any any eq 139
ip access-list 103 permit ip any any
this config should be on all network with their own ethernet ip.
I dont know why it is not working. when i add the 102 access list we got disconnected from our remote location. pls help me out asap.
17 years 8 months ago #19966
by mzinz
What happens if you create another access list, and add it to port int s0/2, inbound?
ip access-list 104 permit ip any any
int s0/2
ip access-group 104 in
Replied by mzinz on topic Re: I am having problem in access list
interface FastEthernet0/0
ip address 10.x.x.x 255.255.255.0
ip access-group 103 in
!
interface Serial0/2
ip unnumbered FastEthernet0/0
ip access-group 102 out
!
ip access-list 102 permit ip 10.x.x.0 0.0.0.255 any
!
ip access-list 103 deny tcp any any eq 135
ip access-list 103 deny udp any any eq 137
ip access-list 103 deny udp any any eq 138
ip access-list 103 deny udp any any eq 139
ip access-list 103 permit ip any any
this config should be on all network with their own ethernet ip.
I dont know why it is not working. when i add the 102 access list we got disconnected from our remote location. pls help me out asap.
What happens if you create another access list, and add it to port int s0/2, inbound?
ip access-list 104 permit ip any any
int s0/2
ip access-group 104 in
Time to create page: 0.125 seconds