Access-list problem

Unanswered Question
Dec 31st, 2008

Hi friends,

I wrote an access-list that permits only 2 hosts from the specified network, and applied this list to the interface inbound. The first host is accessible but the second is not.

Who can help me?

The list definition:

ip access-list extended site2internal

permit tcp host eq www

permit ip host

deny ip any

permit ip any any accessible not-accessible

Giuseppe Larosa Wed, 12/31/2008 - 02:03

Hello Reza,

Are the two hosts accessible not-accessible in the same IP subnet?

You also need to verify routing in the return path.

Hope to help


Reza Rezazadeh Wed, 12/31/2008 - 02:43

Hi Giuseppe,

Yes, the two hosts are in the same subnet, and the routing is correct.

ip route GigabitEthernet0/1.1

These hosts are accessible from other subnets to which no access-list is applied.

Best Regards

Reza Rezazadeh Fri, 01/02/2009 - 23:08

Hi everyone,

My problem exists. I tried to develop the access-list, but only one host is accessible:

ip access-list extended site2internal

permit tcp host eq www

permit ip host

permit tcp host eq ftp

permit tcp host eq domain

deny ip any

permit ip any any

With this configuration I intend from subnet to only hosts : , , , , with appropriate port number are accessible.

But only host is accessible and the others are not.

Who can help me to solve this?

Best Regards

Reza Rezazadeh Sat, 01/03/2009 - 00:05

I thought that the problem is with 172.20.0.x hosts, hosts in which the third octet is "zero". How can I correct this?

glen.grant Sat, 01/03/2009 - 03:31

Shouldn't matter if it's a zero subnet. I would verify the layer 3 subnet definition is . If yes, also verify on the clients that the mask is the same. If the ACL is in the exact order you posted, I don't see anything to keep it from working.
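
An added example, not part of any post in this thread: a small first-match evaluator for an extended ACL shaped like the one posted, showing that a host with a zero third octet matches like any other and that entry order decides the result. The addresses in the posted list are missing from the page, so the 10.1.0.0/16 source subnet, the two 172.20.x.10 hosts, the source-then-destination entry layout and all function names are constructed assumptions.

```python
import ipaddress

def matches(addr, spec):
    """spec is "any" or (base, wildcard) in Cisco inverse-mask form."""
    if spec == "any":
        return True
    base, wildcard = (int(ipaddress.IPv4Address(x)) for x in spec)
    # Wildcard bits set to 1 are ignored; every other bit must be equal.
    return (int(ipaddress.IPv4Address(addr)) | wildcard) == (base | wildcard)

def host(ip):
    return (ip, "0.0.0.0")  # "host x" is shorthand for "x 0.0.0.0"

def evaluate(acl, pkt):
    """Return (entry number, action) for the first entry the packet matches."""
    for n, (action, proto, src, dst, dport) in enumerate(acl, 1):
        if proto not in ("ip", pkt["proto"]):
            continue
        if not (matches(pkt["src"], src) and matches(pkt["dst"], dst)):
            continue
        if dport is not None and dport != pkt.get("dport"):
            continue
        return n, action
    return None, "deny"  # implicit deny that ends every ACL

# Constructed addresses: remote site 10.1.0.0/16, internal hosts in 172.20.0.0/16.
SITE = ("10.1.0.0", "0.0.255.255")
ACL = [
    ("permit", "tcp", SITE, host("172.20.1.10"), 80),   # permit tcp <site> host A eq www
    ("permit", "ip", SITE, host("172.20.0.10"), None),  # permit ip <site> host B
    ("deny", "ip", SITE, "any", None),                  # deny ip <site> any
    ("permit", "ip", "any", "any", None),               # permit ip any any
]
# Same entries with the deny moved above the second permit.
REORDERED = [ACL[0], ACL[2], ACL[1], ACL[3]]

# Constructed test packets from one site host.
WEB_A = {"proto": "tcp", "src": "10.1.5.5", "dst": "172.20.1.10", "dport": 80}
FTP_A = {"proto": "tcp", "src": "10.1.5.5", "dst": "172.20.1.10", "dport": 21}
PING_B = {"proto": "icmp", "src": "10.1.5.5", "dst": "172.20.0.10"}

if __name__ == "__main__":
    for name, pkt in (("WEB_A", WEB_A), ("FTP_A", FTP_A), ("PING_B", PING_B)):
        print(name, evaluate(ACL, pkt), evaluate(REORDERED, pkt))
```

The entry number returned plays the role of the per-entry match counters in `show access-lists`: it tells you which line a given flow actually hit.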

