
My Access List Blocks Everything?

I have a LAN set up with a DMZ for a webserver.

My external router is a Cisco 3600 and the internal is a Cisco 2600.

I am attempting to apply an access list, but each time I apply it I end up blocking everything. Is anyone able to tell me where I am going wrong, please?

My ACL:

access list (name/number) incoming on internal

permit tcp any 172.16.32.0 0.0.0.255 established
permit tcp any 172.16.32.0 0.0.0.255 5050
permit tcp any 172.16.32.0 0.0.0.255 5100
permit tcp any 172.16.32.0 0.0.0.255 5101
permit tcp any 172.16.32.0 0.0.0.255 1863
permit tcp any 172.16.32.0 0.0.0.255 110
permit tcp any 172.16.32.0 0.0.0.255 25
permit tcp any 172.16.32.0 0.0.0.255 80
permit tcp any 172.16.32.0 0.0.0.255 range 6881-6969
permit tcp any 172.16.32.0 0.0.0.255 6346
permit tcp any 172.16.32.0 0.0.0.255 1366
permit tcp any 172.16.32.0 0.0.0.255 5190
permit tcp any 172.16.32.0 0.0.0.255 1080
permit tcp any 172.16.32.0 0.0.0.255 1366
permit tcp any 172.16.32.0 0.0.0.255 1367
permit tcp any 172.16.32.0 0.0.0.255 5190
deny any any

2 REPLIES

Re: My Access List Blocks Everything?

Hello,

Are you sure the destination address is in the range 172.16.32.0/24?

What does "everything is blocked" mean? How do you test this? Can you add

permit icmp any 172.16.32.0 0.0.0.255

above the "deny any any" command and ping the server?

Regards, Martin


Re: My Access List Blocks Everything?

Looking at the access list I would think it was more likely built as an outbound access list: especially the use of tcp established (more often out than in) and the fact that destination addresses are specified. But this line in the original post makes me wonder if it is applied as inbound:

access list (name/number) incoming on internal

Perhaps the original poster can clarify on which interface and in which direction the access list is applied. In fact it would be helpful if the original poster can post the entire configuration of the interface.

HTH

Rick
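Both replies above hinge on one thing: an extended ACL is evaluated top to bottom, first match wins, and every line in the posted list requires the destination to be inside 172.16.32.0/24. If the list is applied inbound on the LAN-facing interface, the packets it sees are leaving the LAN (source 172.16.32.x, destination somewhere outside), so nothing but the final deny can match. The following simulator, an added example that is not from the original thread or from Cisco, walks the poster's rules (rewritten in valid IOS syntax with the eq keyword, which the post omits) and Martin's ICMP diagnostic through that logic. The addresses, the trimmed rule set and the Packet fields are constructed for the demonstration; the wildcard-mask and established semantics follow IOS behaviour.

```python
"""Evaluate a Cisco-style extended ACL against sample packets, first match wins."""
import ipaddress
from dataclasses import dataclass


@dataclass
class Packet:
    proto: str            # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: int = 0        # destination port (ignored for icmp)
    ack: bool = False     # True for non-initial TCP segments, i.e. what "established" matches


def wildcard_match(addr: str, spec: str, wildcard) -> bool:
    """Cisco wildcard masks: a 1 bit means 'don't care'. 'any' matches every address."""
    if spec == "any":
        return True
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(spec))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a & ~w) == (n & ~w)


def parse_ace(line: str) -> dict:
    """Parse one access-control entry. Supports: any | host <ip> | <net> <wildcard>,
    a destination-side 'eq <port>' or 'range <lo> <hi>', and 'established'.
    (Source-side port operators are not handled; the posted ACL does not use them.)"""
    tok = line.split()
    action, proto = tok[0], tok[1]
    i = 2

    def take_addr():
        nonlocal i
        if tok[i] == "any":
            i += 1
            return ("any", None)
        if tok[i] == "host":
            i += 2
            return (tok[i - 1], "0.0.0.0")
        i += 2
        return (tok[i - 2], tok[i - 1])

    src, dst = take_addr(), take_addr()
    ports, established = None, False
    while i < len(tok):
        if tok[i] == "eq":
            ports = (int(tok[i + 1]), int(tok[i + 1])); i += 2
        elif tok[i] == "range":
            ports = (int(tok[i + 1]), int(tok[i + 2])); i += 3
        elif tok[i] == "established":
            established = True; i += 1
        else:
            raise ValueError(f"unsupported token {tok[i]!r} in {line!r}")
    return {"action": action, "proto": proto, "src": src, "dst": dst,
            "ports": ports, "established": established}


def evaluate(acl, pkt: Packet):
    """Return (action, matching line); an unmatched packet hits the implicit deny, as on IOS."""
    for line in acl:
        ace = parse_ace(line)
        if ace["proto"] not in ("ip", pkt.proto):
            continue
        if not wildcard_match(pkt.src, *ace["src"]) or not wildcard_match(pkt.dst, *ace["dst"]):
            continue
        if ace["ports"] and not (ace["ports"][0] <= pkt.dport <= ace["ports"][1]):
            continue
        if ace["established"] and not pkt.ack:
            continue
        return ace["action"], line
    return "deny", "implicit deny"


# A trimmed version of the posted list in valid IOS syntax (constructed for the example).
POSTED_ACL = [
    "permit tcp any 172.16.32.0 0.0.0.255 established",
    "permit tcp any 172.16.32.0 0.0.0.255 eq 80",
    "permit tcp any 172.16.32.0 0.0.0.255 eq 25",
    "permit tcp any 172.16.32.0 0.0.0.255 range 6881 6969",
    "deny ip any any",
]


def demo() -> dict:
    """Run the scenarios the two replies describe and return the verdict for each."""
    # Applied inbound on the LAN-facing interface, the ACL sees packets FROM the LAN:
    # the destination is an outside address, so only the final deny can match.
    lan_to_internet = Packet("tcp", "172.16.32.10", "203.0.113.5", dport=80)
    # Traffic heading TO the LAN, the direction the list looks written for.
    internet_to_lan_syn = Packet("tcp", "198.51.100.7", "172.16.32.10", dport=80)
    internet_to_lan_reply = Packet("tcp", "198.51.100.7", "172.16.32.10", dport=50123, ack=True)
    # Martin's diagnostic: a permit for ICMP inserted above the deny, then ping the server.
    ping = Packet("icmp", "198.51.100.7", "172.16.32.10")
    acl_with_icmp = POSTED_ACL[:-1] + ["permit icmp any 172.16.32.0 0.0.0.255", POSTED_ACL[-1]]
    return {
        "lan_to_internet": evaluate(POSTED_ACL, lan_to_internet)[0],
        "internet_to_lan_syn": evaluate(POSTED_ACL, internet_to_lan_syn)[0],
        "internet_to_lan_reply": evaluate(POSTED_ACL, internet_to_lan_reply)[0],
        "ping_without_icmp_line": evaluate(POSTED_ACL, ping)[0],
        "ping_with_icmp_line": evaluate(acl_with_icmp, ping)[0],
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:24s} -> {verdict}")
```

The first scenario is the "blocks everything" symptom Rick suspects: every LAN-originated packet falls through to the deny. The reply-traffic case shows why established makes sense only for packets heading back into the LAN, and the two ping cases show what Martin's extra line changes, which is why his test isolates direction from port mistakes.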
