06-15-2007 07:39 AM - edited 03-03-2019 05:27 PM
Sorry for a silly question, I just want to make sure this is correct... In order for me to open up everything on a subnet, all I need to do on my access-list is change from:
permit tcp host 10.254.27.59 host 205.248.197.39
to:
permit ip host 10.254.27.59 host 205.248.197.39
and this will not block anything, no ports or anything, wide open?
06-15-2007 07:52 AM
Warren
Yes, the first version of the access list would permit TCP traffic (but not UDP, ICMP, etc.) and the second version of the access list will permit any IP traffic between those hosts - no port restrictions or anything - wide open for those hosts.
HTH
Rick
06-15-2007 07:55 AM
Thank you Rick for answering my question. Having an rsync issue between those two devices where rsync just hangs, but I can telnet, ping and ssh to it. Anyways, thank you!!!
06-15-2007 08:41 AM
FWIW...
I see one of the hosts is using private addressing and the other public. Is NAT involved? If so, perhaps an rsync initiated by the outside host can't get through the NAT. You should be able to overcome this with a static NAT translation.
Also, are you using encryption for rsync? Perhaps it's using ESP or AHP (à la IPSec). You may need to explicitly permit those protocols in your ACL as well.
BTW, some older versions of IOS even required ICMP to be explicitly permitted. Newer versions permit ICMP when you permit the IP suite as a whole.
Thanks, Robin.
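An added example (not code from any poster in this thread): a simplified Python model of how the two access-list entries discussed above match by protocol, including the ESP and AHP protocols mentioned in the reply above. It assumes host-to-host entries only, first match wins with an implicit deny at the end, and that `ip` matches every IP protocol; the function names are illustrative.

```python
# Added illustration: simplified model of extended ACL matching by protocol.
# Assumptions: host-to-host entries only (no ports, no wildcard masks),
# first match wins, implicit deny at the end, "ip" matches any IP protocol.
PROTO = {"icmp": 1, "tcp": 6, "udp": 17, "esp": 50, "ahp": 51}  # IP protocol numbers


def parse_entry(line):
    """Parse '<permit|deny> <proto> host <src> host <dst>' into a tuple."""
    action, proto, kw1, src, kw2, dst = line.split()
    if action not in ("permit", "deny") or kw1 != "host" or kw2 != "host":
        raise ValueError(f"unsupported entry: {line!r}")
    if proto != "ip" and proto not in PROTO:
        raise ValueError(f"unknown protocol keyword: {proto!r}")
    return action, proto, src, dst


def evaluate(acl_lines, proto, src, dst):
    """Return 'permit' or 'deny' for one packet described by (proto, src, dst)."""
    for line in acl_lines:
        action, acl_proto, acl_src, acl_dst = parse_entry(line)
        proto_ok = acl_proto == "ip" or PROTO[acl_proto] == PROTO[proto]
        if proto_ok and (src, dst) == (acl_src, acl_dst):
            return action
    return "deny"  # nothing matched: implicit deny


def compare(acl_lines, src, dst):
    """Evaluate one packet of every modelled protocol from src to dst."""
    return {p: evaluate(acl_lines, p, src, dst) for p in PROTO}


# The two entries from the question, and the two hosts they name.
A, B = "10.254.27.59", "205.248.197.39"
TCP_ONLY = ["permit tcp host 10.254.27.59 host 205.248.197.39"]
ANY_IP = ["permit ip host 10.254.27.59 host 205.248.197.39"]

if __name__ == "__main__":
    print("permit tcp, A->B:", compare(TCP_ONLY, A, B))
    print("permit ip,  A->B:", compare(ANY_IP, A, B))
    # The entry names a source and a destination; B->A is a different match.
    print("permit ip,  B->A:", compare(ANY_IP, B, A))
```

In this model the reverse direction falls through to the implicit deny, because the entry lists 10.254.27.59 as source and 205.248.197.39 as destination.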
06-15-2007 08:52 AM
Hi Robin;
I believe this is a static NAT 10.254.27.59, but let me double-check this to be sure. Maybe you've seen this before; here is the error message I get:
ieschi1: Connection timed out
rsync: connection unexpectedly closed (0 bytes read so far)
rsync error: error in rsync protocol data stream (code 12) at io.c(342)
Thank you in advance for your help!!!