tunnel snmp traffic

Unanswered Question
Jun 29th, 2009

I have a router R0 , RO's f0/0 connects to a server and R0 also use the F0/0 as a gre tunnel's source interface . this tunnel's destination is the R3's f0/0 . and 1 smtp server connects to router R3. the server need to connect to the server's TCP port 25. and i put a acl on R0's f0/0

int f0/0

ip access-group snmp in

ip access-list extended snmp

permit tcp host host eq 25

there is no other ACL between this 2 servers.

but the server still can not access server by using tcp port 25.

since the tunnel 0 also use f0/0 as source interface , i guess maybe i need to add one more line for ACL snmp

permit tcp host eq 25 host

Please help me for this issue. if my guess is wrong , what is the right sloution .

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Giuseppe Larosa Mon, 06/29/2009 - 11:22

Hello Yang,

you are right

the ACL should be written has:

permit tcp host eq 25 host

I would test this with the following:

just remove the ACL you have applied on the tunnel interface.

Test it without any ACL.

In these conditions can server connect to

Try with the modified ACL and see the behaviour.

your original ACL should match with traffic sent out the tunnel if R0 sees tunnel0 as the outgoing interface to reach

Hope to help


cscyangyu Tue, 06/30/2009 - 05:24

I can not test it since i need to submit change request before i change ACL.


This Discussion