Cisco IOS ACL's nightmare. Of Course I'm a newbie.

By jnolla ·
Why is it that we tech people like to complicate our lives? Is it to find the solution to a problem, and feel good about our problem solving

How long does it actually take you? I'm sitting here after 2 days of reading and scratching my head over my stupidity. I have precious time with my family, reading and researching, trying to find the solution to this problem that I have once again created for myself.

Maybe you can help...

Replaced a Cisco PIX 501, which we were using as a router for a CIDR block we got from the ISP. Needless to say it was working fine, but we wanted to try a real router, so we got a 2611xm. Now we got everything to work, with the exception of the ACL's. Why I don't know.

Here are the simple statements:

ip address
access-group 101 in
access-group 102 out

ip address

access-list 101 permit tcp any any established
access-list 101 permit tcp any host eq
access-list 101 deny ip any any
access-list 102 permit ip any

That's It! For some reason after I enter just one statement for ACL 101, the connection to the outside world drops! Even more, I can't even ping FA0/1!

I ask of your help. I'm in misery, and my family needs me

All Answers

implicit deny

by CG IT In reply to Cisco IOS ACL's nightmare ...

There is an implicit deny statement at the end of every ACL, so if you don't specifically allow it, the traffic is denied.

If you disable the ACL and you regain connectivity, the problem is in the ACL.
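
The implicit deny described in this answer, as an added example that is not part of the original thread: a small Python model of first-match evaluation over a subset of the extended ACL syntax. The addresses (documentation ranges), port 80 and the sample packets are constructed assumptions, since the thread's own addresses are not shown.

```python
# Added illustration: first-match evaluation of a subset of IOS extended ACL syntax.
# All addresses, the port and the packets below are constructed samples.

def parse_ace(line):
    """Parse 'access-list N permit|deny proto src dst [eq port] [established]'."""
    t = line.split()
    ace = {"line": line, "action": t[2], "proto": t[3], "dport": None, "est": False}
    i = 4
    for side in ("src", "dst"):
        if t[i] == "any":
            ace[side], i = None, i + 1
        elif t[i] == "host":
            ace[side], i = t[i + 1], i + 2
        else:
            raise ValueError("unsupported address form: " + t[i])
    while i < len(t):
        if t[i] == "eq":  # modelled here as a destination-port match only
            ace["dport"], i = int(t[i + 1]), i + 2
        elif t[i] == "established":
            ace["est"], i = True, i + 1
        else:
            raise ValueError("unsupported keyword: " + t[i])
    return ace

def matches(ace, pkt):
    if ace["proto"] not in ("ip", pkt["proto"]):
        return False
    if ace["src"] not in (None, pkt["src"]) or ace["dst"] not in (None, pkt["dst"]):
        return False
    if ace["dport"] is not None and pkt.get("dport") != ace["dport"]:
        return False
    # 'established' only matches TCP segments with ACK or RST set
    if ace["est"] and not (pkt["proto"] == "tcp" and pkt.get("flags", set()) & {"ACK", "RST"}):
        return False
    return True

def evaluate(acl, pkt):
    """Return (action, matching line); first match wins, otherwise the implicit deny."""
    for ace in map(parse_ace, acl):
        if matches(ace, pkt):
            return ace["action"], ace["line"]
    return "deny", "implicit deny"

ONE_LINE = ["access-list 101 permit tcp any any established"]
FULL = ONE_LINE + ["access-list 101 permit tcp any host 192.0.2.10 eq 80",
                   "access-list 101 deny ip any any"]
ECHO_REPLY = {"proto": "icmp", "src": "198.51.100.7", "dst": "192.0.2.20"}
TCP_REPLY = {"proto": "tcp", "src": "198.51.100.7", "dst": "192.0.2.20", "dport": 50000, "flags": {"ACK"}}
NEW_HTTP = {"proto": "tcp", "src": "198.51.100.7", "dst": "192.0.2.10", "dport": 80, "flags": {"SYN"}}
```

With only the first line entered, `evaluate(ONE_LINE, ECHO_REPLY)` already returns the implicit deny, while the TCP reply carrying ACK is still permitted.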

Remove the 3rd line!

by realsom1 In reply to Cisco IOS ACL's nightmare ...

I think the problem could be at the 3rd line where you say "access-list 101 deny ip any any", since it will deny all IP traffic. OK, I am not an expert but I try my best. Regards

Problem With Direction of ACL

by kunal.khandait In reply to Cisco IOS ACL's nightmare ...

The problem could be with the direction you have given with the ACL command. I think it should be vice versa. I am not an expert; try it out by disabling the ACLs. If it works, then the ACL configuration is wrong. In your case implicit deny is working. So try with directions.

Switch the ACLs

by jolevine In reply to Cisco IOS ACL's nightmare ...

Have you tried:

access-group 101 out
access-group 102 in

Also ping your Default GW and watch to see if you get any hits on the ACL
