Options
ccna
rodrypt
Member Posts: 1 ■□□□□□□□□□
in CCNA & CCENT
hi all...
i have a lite dificulty applying a acl...
the objective is to allow all trafic from r1 lan to r2 lan, but from r2 lan i can only access the server in r1, other trafic like telnet, www, http is blocked
pc1
\ /
pc4
switch
r1
r2
switch
server1
/ \
pc3
i used eigrp for protocol it's more plug and play than rip. before i apply any acls i have access to all network, and its working properly...
i tryed to apply the acl to the s 0/0 outbound
access-list 101 permit ip 192.168.50.0 0.0.0.255 host 192.168.30.254
access-list 101 deny ip 192.168.50.0 0.0.0.254 any
access-list 101 deny tcp 192.168.50.0 0.0.0.254 any eq telnet
access-list 101 deny tcp 192.168.50.0 0.0.0.254 any
the problem that i have is that i can't ping from r1 to r2. i tryed to use permits but the result is the same... i can ping the fa 0/0 but e cant ping the lan....
in other attempt i aplyed 2 different acls to the fa 0/0
inbound
access-list 101 permit ip 192.168.50.0 0.0.0.255 host 192.168.30.254
access-list 101 deny ip any any
outbound
access-list 102 permit tcp any any established
access-list 102 permit icmp any any echo-reply
access-list 102 permit icmp any any unreachable
but the result is the same....
what can i do to resolve this problem?
i have a lite dificulty applying a acl...
the objective is to allow all trafic from r1 lan to r2 lan, but from r2 lan i can only access the server in r1, other trafic like telnet, www, http is blocked
pc1
\ /
pc4
switch
r1
r2
switch
server1
/ \
pc3
i used eigrp for protocol it's more plug and play than rip. before i apply any acls i have access to all network, and its working properly...
i tryed to apply the acl to the s 0/0 outbound
access-list 101 permit ip 192.168.50.0 0.0.0.255 host 192.168.30.254
access-list 101 deny ip 192.168.50.0 0.0.0.254 any
access-list 101 deny tcp 192.168.50.0 0.0.0.254 any eq telnet
access-list 101 deny tcp 192.168.50.0 0.0.0.254 any
the problem that i have is that i can't ping from r1 to r2. i tryed to use permits but the result is the same... i can ping the fa 0/0 but e cant ping the lan....
in other attempt i aplyed 2 different acls to the fa 0/0
inbound
access-list 101 permit ip 192.168.50.0 0.0.0.255 host 192.168.30.254
access-list 101 deny ip any any
outbound
access-list 102 permit tcp any any established
access-list 102 permit icmp any any echo-reply
access-list 102 permit icmp any any unreachable
but the result is the same....
what can i do to resolve this problem?
Comments
-
Options
shednik
Member Posts: 2,005
I'd need to see your running configs and the drawing needs to be a little more specific I'm assuming everything is connected via ethernet on either side and the routers are connected via serial?? what do you see in a sh ip route do you see the other routers segments populating?
