12-31-2008 01:54 AM - edited 03-06-2019 03:12 AM
Hi friends,
I wrote an access list that permits only 2 hosts from the specified network, and applied this list to the interface inbound. The first host is accessible but the second is not.
Who can help me?
The list definition:
ip access-list extended site2internal
permit tcp 172.25.0.0 0.0.255.255 host 172.20.1.2 eq www
permit ip 172.25.0.0 0.0.255.255 host 172.20.0.20
deny ip any 172.20.0.0 0.0.255.255
permit ip any any
172.20.1.2 accessible
172.20.0.20 not-accessible
12-31-2008 02:03 AM
Hello Reza,
Are the two hosts
172.20.1.2 accessible
172.20.0.20 not-accessible
in the same IP subnet?
You also need to verify routing in the return path.
Hope to help
Giuseppe
12-31-2008 02:43 AM
Hi Giuseppe,
Yes, the two hosts are in the same subnet, 255.255.0.0.
The routing is correct.
ip route 172.20.0.0 255.255.0.0 GigabitEthernet0/1.1
These hosts are accessible from other subnets where no access list is applied.
Best Regards
01-02-2009 11:08 PM
Hi everyone,
My problem still exists. I tried to develop the access list, but only one host is accessible:
ip access-list extended site2internal
permit tcp 172.25.0.0 0.0.255.255 host 172.20.1.2 eq www
permit ip 172.25.0.0 0.0.255.255 host 172.20.0.20
permit tcp 172.25.0.0 0.0.255.255 host 172.20.0.23 eq ftp
permit tcp 172.25.0.0 0.0.255.255 host 172.20.0.6 eq domain
deny ip any 172.20.0.0 0.0.255.255
permit ip any any
With this configuration I intend that, from subnet 172.25.0.0 to 172.20.0.0, only the hosts 172.20.0.20, 172.20.0.23, 172.20.0.20, 172.20.0.6 and 172.20.1.2, with the appropriate port numbers, are accessible.
But only host 172.20.1.2 is accessible and the others are not.
Who can help me solve this?
Best Regards
01-03-2009 12:05 AM
I thought that the problem is with the 172.20.0.x hosts, the hosts whose third octet is "zero". How can I correct this?
01-03-2009 03:31 AM
Shouldn't matter if it's a zero subnet. I would verify the layer 3 subnet definition is 255.255.0.0. If yes, also verify on the clients that the mask is the same 255.255.0.0. If the ACL is in the exact order you posted, I don't see anything to keep it from working.
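A first-match walk over the second ACL posted above, as an added example that is not part of any post in the thread. It is a simplified model that compares only protocol, wildcard-masked source and destination, and destination port; the function names and the test packets are constructed for illustration. It lets you check offline which entry a given packet hits, for instance that the `domain` entry matches TCP port 53 only.

```python
import ipaddress

PORTS = {"www": 80, "ftp": 21, "domain": 53}  # IOS port keywords used in the thread

# Second ACL from the thread, entries copied as posted
ACL = """\
permit tcp 172.25.0.0 0.0.255.255 host 172.20.1.2 eq www
permit ip 172.25.0.0 0.0.255.255 host 172.20.0.20
permit tcp 172.25.0.0 0.0.255.255 host 172.20.0.23 eq ftp
permit tcp 172.25.0.0 0.0.255.255 host 172.20.0.6 eq domain
deny ip any 172.20.0.0 0.0.255.255
permit ip any any"""

def to_int(ip):
    return int(ipaddress.IPv4Address(ip))

def addr(tok):
    """Consume one address spec from tok; return (base, wildcard) as ints."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return to_int(tok.pop(0)), 0
    return to_int(first), to_int(tok.pop(0))

def parse(text):
    rules = []
    for line in text.splitlines():
        tok = line.split()
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = addr(tok), addr(tok)
        port = (PORTS.get(tok[1]) or int(tok[1])) if tok[:1] == ["eq"] else None
        rules.append((line, action, proto, src, dst, port))
    return rules

def hit(ip, spec):
    base, wild = spec  # wildcard bits set to 1 are "don't care"
    return (to_int(ip) | wild) == (base | wild)

def evaluate(rules, proto, src, dst, dport=None):
    """First-match evaluation: return (action, matching entry)."""
    for line, action, rproto, rsrc, rdst, rport in rules:
        if (rproto in ("ip", proto) and hit(src, rsrc) and hit(dst, rdst)
                and (rport is None or rport == dport)):
            return action, line
    return "deny", "(implicit deny)"

RULES = parse(ACL)
# Constructed test packets: (protocol, source, destination, destination port)
for pkt in [("icmp", "172.25.3.4", "172.20.0.20", None),
            ("tcp", "172.25.3.4", "172.20.0.6", 53),
            ("udp", "172.25.3.4", "172.20.0.6", 53)]:
    print(pkt, "->", evaluate(RULES, *pkt))
```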