Skip to main content

I am having problem in access list

More
17 years 10 months ago #19931 by kzrizvi
access-list 102 permit ip 10.211.200.0 0.0.0.255 any
this is my ethernet ip range.

and on serial port I assign
wan port is unnumbered ethernet
IP access-group 102 out

when i use this access list the remote ip ping lost. means i am not able to access any thing from remote location. but the connectivity is through.

what would be the problem. pls resolve it.
More
17 years 10 months ago #19932 by kzrizvi

access-list 102 permit ip 10.211.200.0 0.0.0.255 any
this is my ethernet ip range.

and on serial port I assign
wan port is unnumbered ethernet
IP access-group 102 out

when i use this access list the remote ip ping lost. means i am not able to access any thing from remote location. but the connectivity is through.

what would be the problem. pls resolve it.

More
17 years 10 months ago #19933 by S0lo
I assume that your pinging your ethernet subnet from something past the serial port. If this is the case, then yes, it will not work since the reply of pings will be blocked.

Can you explain more what you are trying to do ?

Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
More
17 years 10 months ago #19934 by kzrizvi
interface FastEthernet0/0
ip address 10.x.x.x 255.255.255.0
ip access-group 103 in
!
interface Serial0/2
ip unnumbered FastEthernet0/0
ip access-group 102 out
!
ip access-list 102 permit ip 10.x.x.0 0.0.0.255 any
!
ip access-list 103 deny tcp any any eq 135
ip access-list 103 deny udp any any eq 137
ip access-list 103 deny udp any any eq 138
ip access-list 103 deny udp any any eq 139
ip access-list 103 permit ip any any

this config should be on all network with their own ethernet ip.

I dont know why it is not working. when i add the 102 access list we got disconnected from our remote location. pls help me out asap.
More
17 years 10 months ago #19966 by mzinz

interface FastEthernet0/0
ip address 10.x.x.x 255.255.255.0
ip access-group 103 in
!
interface Serial0/2
ip unnumbered FastEthernet0/0
ip access-group 102 out
!
ip access-list 102 permit ip 10.x.x.0 0.0.0.255 any
!
ip access-list 103 deny tcp any any eq 135
ip access-list 103 deny udp any any eq 137
ip access-list 103 deny udp any any eq 138
ip access-list 103 deny udp any any eq 139
ip access-list 103 permit ip any any

this config should be on all network with their own ethernet ip.

I dont know why it is not working. when i add the 102 access list we got disconnected from our remote location. pls help me out asap.


What happens if you create another access list, and add it to port int s0/2, inbound?
ip access-list 104 permit ip any any
int s0/2
ip access-group 104 in
Time to create page: 0.137 seconds