Access-list problem

Reza Rezazadeh
Level 1

hi friends ,

I wrote an access-list that permits only 2 hosts from the specified network, and applied this list to the interface inbound. The first host is accessible but the second is not.

Who can help me?

The list definition:

ip access-list extended site2internal
permit tcp 172.25.0.0 0.0.255.255 host 172.20.1.2 eq www
permit ip 172.25.0.0 0.0.255.255 host 172.20.0.20
deny ip any 172.20.0.0 0.0.255.255
permit ip any any

172.20.1.2 accessible

172.20.0.20 not-accessible

5 Replies

Giuseppe Larosa
Hall of Fame

Hello Reza,

Are the two hosts

172.20.1.2 accessible

172.20.0.20 not-accessible

in the same IP subnet?

You also need to verify routing in the return path.

Hope to help

Giuseppe

Hi Giuseppe,

Yes, the two hosts are in the same subnet, 255.255.0.0.

The routing is correct.

ip route 172.20.0.0 255.255.0.0 GigabitEthernet0/1.1

These hosts are accessible from other subnets, where no access-list is applied.

Best Regards

Hi everyone,

My problem still exists. I tried to extend the access-list, but only one host is accessible:

ip access-list extended site2internal
permit tcp 172.25.0.0 0.0.255.255 host 172.20.1.2 eq www
permit ip 172.25.0.0 0.0.255.255 host 172.20.0.20
permit tcp 172.25.0.0 0.0.255.255 host 172.20.0.23 eq ftp
permit tcp 172.25.0.0 0.0.255.255 host 172.20.0.6 eq domain
deny ip any 172.20.0.0 0.0.255.255
permit ip any any

With this configuration I intend that, from subnet 172.25.0.0 to 172.20.0.0, only the hosts 172.20.0.20, 172.20.0.23, 172.20.0.20, 172.20.0.6 and 172.20.1.2 with the appropriate port numbers are accessible.

But only host 172.20.1.2 is accessible and the others are not.

Who can help me to solve this?

Best Regards

I thought that the problem is with the 172.20.0.x hosts, the hosts whose third octet is "zero". How can I correct this?

Shouldn't matter if it's a zero subnet. I would verify the layer 3 subnet definition is 255.255.0.0. If yes, also verify on the clients that the mask is the same 255.255.0.0. If the ACL is in the exact order you posted, I don't see anything to keep it from working.
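As an added illustration (not code from this thread, from the posters, or from Cisco): a small Python evaluator that applies the ACL posted above to constructed sample flows, using wildcard-mask matching and first-match semantics with the implicit deny at the end. The IOS port keywords are mapped to the usual well-known ports (an assumption), and the sample flows are made up. Run against the thread's ACL, it shows that 172.25.x.x to 172.20.0.20 is permitted by line 2 for any IP protocol, so the list as written is not what blocks that host. It also shows two things a reachability test can hide: ICMP to 172.20.1.2 hits the deny even though HTTP is allowed, and a UDP DNS query to 172.20.0.6 hits the deny because the entry only permits TCP.

```python
"""
Offline evaluator for a Cisco-style extended ACL: wildcard-mask matching,
top-to-bottom first match, implicit deny at the end.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# The ACL exactly as posted in the thread (second version).
ACL_TEXT = """
ip access-list extended site2internal
permit tcp 172.25.0.0 0.0.255.255 host 172.20.1.2 eq www
permit ip 172.25.0.0 0.0.255.255 host 172.20.0.20
permit tcp 172.25.0.0 0.0.255.255 host 172.20.0.23 eq ftp
permit tcp 172.25.0.0 0.0.255.255 host 172.20.0.6 eq domain
deny ip any 172.20.0.0 0.0.255.255
permit ip any any
"""

# IOS port keywords used in the thread; mapping to well-known ports is assumed.
PORT_NAMES = {"www": 80, "ftp": 21, "domain": 53}


@dataclass
class AclEntry:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip", "tcp", "udp", ...
    src: Tuple[str, str]         # (network, wildcard)
    dst: Tuple[str, str]
    dport: Optional[int] = None  # destination "eq <port>", if present


def wildcard_match(addr: str, net: str, wildcard: str) -> bool:
    """Wildcard bits set to 1 are 'don't care'; 0 bits must match exactly."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(net))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (n & care)


def _parse_addr(tokens: List[str]) -> Tuple[Tuple[str, str], List[str]]:
    """Consume one address spec: 'any', 'host A.B.C.D', or 'net wildcard'."""
    if tokens[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    return (tokens[0], tokens[1]), tokens[2:]


def parse_acl(text: str) -> List[AclEntry]:
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] not in ("permit", "deny"):
            continue  # skip the 'ip access-list' header and blank lines
        action, proto, rest = tokens[0], tokens[1], tokens[2:]
        src, rest = _parse_addr(rest)
        dst, rest = _parse_addr(rest)
        dport = None
        if rest[:1] == ["eq"]:
            dport = PORT_NAMES.get(rest[1])
            if dport is None:
                dport = int(rest[1])
        entries.append(AclEntry(action, proto, src, dst, dport))
    return entries


def evaluate(entries, src_ip, dst_ip, proto, dport=None):
    """Return (action, index of the matching line), or ('deny', None) when
    the packet falls through to the implicit deny. First match wins."""
    for i, e in enumerate(entries):
        if e.proto != "ip" and e.proto != proto:
            continue
        if not wildcard_match(src_ip, *e.src):
            continue
        if not wildcard_match(dst_ip, *e.dst):
            continue
        if e.dport is not None and e.dport != dport:
            continue
        return e.action, i
    return "deny", None


ACL = parse_acl(ACL_TEXT)

if __name__ == "__main__":
    # Constructed sample flows arriving inbound from the 172.25.0.0/16 side.
    for flow in [("172.25.3.4", "172.20.1.2", "tcp", 80),
                 ("172.25.3.4", "172.20.1.2", "icmp"),
                 ("172.25.3.4", "172.20.0.20", "tcp", 22),
                 ("172.25.3.4", "172.20.0.23", "tcp", 21),
                 ("172.25.3.4", "172.20.0.6", "udp", 53),
                 ("10.9.8.7", "172.20.0.20", "tcp", 22)]:
        print(flow, "->", evaluate(ACL, *flow))
```

The index returned by evaluate() is the zero-based position of the entry in the list; it is the line to look at with "show access-lists" to confirm the match counters move for the host that appears unreachable. If they do, the ACL is permitting the traffic and the problem lies elsewhere, such as the return path mentioned above.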
