thefindjack Thu, 10/11/2007 - 05:42
User Badges:

This is because you have an Access-list set INBOUND on your inside interface and you do not have a permit statement to allow traffic to the address (192.168.101.123). You need to add the IP address or an Object group that it is listed in to the "inside_access_in" access-list.


Example


access-list inside_access_in extended permit ip object-group MailDNS object-group xxxxx


access-list inside_access_in extended permit ip host 192.168.101.123 object-group xxxxx


access-list inside_access_in extended permit ip object-group MailDNS1 ip host xxxxx


You will need to do this because the way your access-list reads you will block all IP traffic that is not implicitly allowed BEFORE you allow ICMP from any to any. So you will need to allow IP traffic from that address first or you will need to change the position of your two lines....


access-list inside_access_in extended deny ip any any


access-list inside_access_in extended permit icmp any any


to be....


access-list inside_access_in extended permit icmp any any


access-list inside_access_in extended deny ip any any



santukumar Mon, 10/15/2007 - 03:25
User Badges:

After modification (according to u), it is not working means still ip x.x.x.123 is not working, but other ip is working fine.Plz relpy asap.

thefindjack Mon, 10/15/2007 - 04:43
User Badges:

Did you add it to the object group and put the object group in your INBOUND IN access list? Or did you just add an entry for it alone?

Actions

This Discussion