Question

Cisco IOS ACL's nightmare. Of Course I'm a newbie.

By jnolla

Why is it that we tech people like to complicate our lives? Is it to find the solution to a problem, and feel good about our problem solving skills?

How long does it actually take you? I'm sitting here after 2 days of reading and scratching my head over my stupidity. I have wasted precious time with my family, reading and researching, trying to find the solution to this problem that I have once again created for myself.

Maybe you can help...

Replaced a Cisco PIX 501, which we were using as a router for a CIDR block we got from the ISP. Needless to say it was working fine, but we wanted to try a real router, so we got a 2611xm.

Now we got everything to work, with the exception of the ACL's. Why I don't know.

Here are the simple statements:

FA0/0
ip address 70.1.1.132 255.255.255.240
access-group 101 in
access-group 102 out

FA0/1
ip address 70.1.2.129 255.255.255.240

access-list 101 permit tcp any any established
access-list 101 permit tcp any host 70.1.2.130 eq www
access-list 101 deny ip any any
access-list 102 permit ip 70.1.2.128 0.0.0.15 any

That's it! For some reason after I enter just one statement for ACL 101, the connection to the outside world drops! Even more, I can't even ping FA0/1!

I ask for your help. I'm in misery, and my family needs me back.
Thanks.

All Answers

implicit deny

by CG IT In reply to Cisco IOS ACL's nightmare ...

There is an implicit deny statement at the end of every ACL, so if you don't specifically allow it, the traffic is denied.

If you disable the ACL and you regain connectivity, the problem is in the ACL.
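
The implicit deny described in the answer above, as an added example that is not part of the original thread: a small Python model of first-match ACL evaluation, run against ACL 101 from the question with only its first statement entered and then with all three. The packets, the 198.51.100.x addresses and the host 70.1.2.131 are constructed, and the parser handles only the syntax used in the question.

```python
import ipaddress

# ACL 101 exactly as posted in the question (applied inbound on FA0/0).
ACL_101 = ["permit tcp any any established",
           "permit tcp any host 70.1.2.130 eq www",
           "deny ip any any"]
PORTS = {"www": 80}  # only the port name used in the question

def parse(line):
    """Parse 'action proto src dst [eq port] [established]' into a rule dict."""
    action, proto, *rest = line.split()
    def addr():
        tok = rest.pop(0)
        if tok == "any":
            return ipaddress.ip_network("0.0.0.0/0")
        if tok == "host":
            return ipaddress.ip_network(rest.pop(0) + "/32")
        return ipaddress.ip_network(f"{tok}/{rest.pop(0)}")  # IOS wildcard mask
    src, dst = addr(), addr()
    port = int(PORTS.get(rest[1], rest[1])) if rest[:1] == ["eq"] else None
    return {"action": action, "proto": proto, "src": src, "dst": dst,
            "port": port, "established": "established" in rest}

def evaluate(acl, pkt):
    """First matching entry wins; a packet matching no entry is denied."""
    for line in acl:
        r = parse(line)
        if r["proto"] not in ("ip", pkt["proto"]):
            continue
        if ipaddress.ip_address(pkt["src"]) not in r["src"]:
            continue
        if ipaddress.ip_address(pkt["dst"]) not in r["dst"]:
            continue
        if r["port"] is not None and pkt.get("dport") != r["port"]:
            continue
        # 'established' matches only TCP segments with ACK or RST set.
        if r["established"] and not {"ACK", "RST"} & set(pkt.get("flags", ())):
            continue
        return r["action"], line
    return "deny", "implicit deny"

# Constructed inbound packets (documentation addresses, not from the thread).
PACKETS = {
    "tcp reply":  {"proto": "tcp", "src": "198.51.100.10", "dst": "70.1.2.131", "dport": 40000, "flags": ["SYN", "ACK"]},
    "ping reply": {"proto": "icmp", "src": "198.51.100.10", "dst": "70.1.2.131"},
    "dns reply":  {"proto": "udp", "src": "198.51.100.53", "dst": "70.1.2.131", "dport": 40001},
    "new http":   {"proto": "tcp", "src": "198.51.100.10", "dst": "70.1.2.130", "dport": 80, "flags": ["SYN"]},
}

if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        print(name, evaluate(ACL_101[:1], pkt), evaluate(ACL_101, pkt))
```

With only the first statement entered, everything except return TCP traffic falls through to the implicit deny, including ICMP echo replies and UDP DNS answers.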

Remove the 3 line!

by realsom1 In reply to Cisco IOS ACL's nightmare ...

I think the problem could be at the 3rd line where you say ... access-list 101 deny ip any any ... since it will deny all IP traffic. OK, I am not an expert but I try my best. Regards

Problem With Direction of ACL

by kunal.khandait In reply to Cisco IOS ACL's nightmare ...

Hi,
The problem could be with the direction you have given with the ACL command. I think it should be vice versa. I am not an expert; try it out by disabling the ACLs; if it works then the ACL configuration is wrong. In your case implicit deny is working. So try with directions.

Switch the ACLs

by jolevine In reply to Cisco IOS ACL's nightmare ...

Have you tried:

access-group 101 out
access-group 102 in

Also ping your Default GW and watch to see if you get any hits on the ACL
