Sanity check

wgranada1
Level 1

Sorry for a silly question, I just want to make sure this is correct...in order for me to open up everything on a subnet all I need to do on my access-list is change from:

permit tcp host 10.254.27.59 host 205.248.197.39

to:

permit ip host 10.254.27.59 host 205.248.197.39

and this will not block anything, no ports or anything, wide open

4 Replies

Richard Burts
Hall of Fame

Warren

Yes, the first version of the access list would permit TCP traffic (but not UDP, ICMP, etc) and the second version of the access list will permit any IP traffic between those hosts - no port restrictions or anything - wide open for those hosts.

HTH

Rick
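
Added example, not part of the thread and not Cisco code: a small Python model of the matching described in the answer above, limited to the `permit <protocol> host <src> host <dst>` entry form from the question. The sample packets are constructed, and the function names are this example's own.

```python
from dataclasses import dataclass

# Protocol keywords modelled; "ip" means every IP protocol.
KEYWORDS = {"ip", "icmp", "tcp", "udp", "esp", "ahp"}

@dataclass(frozen=True)
class Packet:
    label: str   # human-readable tag for the report
    proto: str   # protocol keyword carried by the packet, e.g. "tcp"
    src: str
    dst: str

def parse_ace(line):
    """Parse '<action> <proto> host <src> host <dst>', the only form modelled."""
    fields = line.split()
    if len(fields) != 6 or fields[2] != "host" or fields[4] != "host":
        raise ValueError(f"unsupported entry: {line!r}")
    action, proto, _, src, _, dst = fields
    if action not in ("permit", "deny") or proto not in KEYWORDS:
        raise ValueError(f"unsupported entry: {line!r}")
    return action, proto, src, dst

def evaluate(acl, pkt):
    """First matching entry wins; no match falls through to the implicit deny."""
    for line in acl:
        action, proto, src, dst = parse_ace(line)
        # An "ip" entry matches any protocol; other keywords match only themselves.
        if proto in ("ip", pkt.proto) and (src, dst) == (pkt.src, pkt.dst):
            return action
    return "deny"

def admitted(acl, packets):
    """Labels of the packets the ACL permits, in input order."""
    return [p.label for p in packets if evaluate(acl, p) == "permit"]

A, B = "10.254.27.59", "205.248.197.39"   # hosts from the thread
TCP_ONLY = [f"permit tcp host {A} host {B}"]
ANY_IP = [f"permit ip host {A} host {B}"]

# Constructed sample packets (port numbers appear only in the labels).
PACKETS = [
    Packet("tcp/22 A->B", "tcp", A, B),
    Packet("tcp/873 A->B", "tcp", A, B),
    Packet("udp/53 A->B", "udp", A, B),
    Packet("icmp A->B", "icmp", A, B),
    Packet("esp A->B", "esp", A, B),
    Packet("tcp/22 B->A", "tcp", B, A),   # reverse direction: addresses swapped
]

if __name__ == "__main__":
    print("permit tcp:", admitted(TCP_ONLY, PACKETS))
    print("permit ip :", admitted(ANY_IP, PACKETS))
```

In this model the `ip` entry admits every protocol from the first host to the second, while a packet with the addresses swapped matches neither entry and falls to the implicit deny.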

Thank you, Rick, for answering my question. Having an rsync issue between those two devices where rsync just hangs, but I can telnet, ping and ssh to it. Anyways, thank you!!!

FWIW...

I see one of the hosts is using private addressing and the other public. Is NAT involved? If so, perhaps an rsync initiated by the outside host can't get through the NAT. You should be able to overcome this with a static NAT translation.

Also, are you using encryption for rsync? Perhaps it's using ESP or AHP (à la IPSec). You may need to explicitly permit those protocols in your ACL as well.

BTW, some older versions of IOS even required ICMP to be explicitly permitted. Newer versions permit ICMP when you permit the IP suite as a whole.

Thanks, Robin.

Hi Robin;

I believe this is a static NAT 10.254.27.59, but let me double check this to be sure. Maybe you've seen this before; here is the error message I get:

ieschi1: Connection timed out

rsync: connection unexpectedly closed (0 bytes read so far)

rsync error: error in rsync protocol data stream (code 12) at io.c(342)

Thank you in advance for your help!!!
