access control list problem

fran19422
Level 1

Hello, I am trying to define an access control list to permit traffic from all internal (172.16.0.0/16) addresses, and deny all other traffic.

I have created the following:

access-list 1 permit 172.16.0.0 0.0.255.255

access-list 1 deny any

and applied it to the outgoing interface of the router:

interface FastEthernet0/0

ip address 10.0.0.1 255.0.0.0

ip access-group 1 out

ip nat outside

duplex auto

speed auto

However, traffic from the networks 172.16.4.0, 172.16.3.252, 172.16.255.252 and 172.16.255.248 cannot pass.

Have I done something incorrect here?

Thanks for any help.

3 Accepted Solutions


Hi Philip,

Traffic from the networks 172.16.4.0, 172.16.3.252, 172.16.255.252 and 172.16.255.248 is being NATed to IP 192.168.1.6.

192.168.1.6 cannot pass the

    access-list 1 permit 172.16.0.0 0.0.255.255

    access-list 1 deny any
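
The effect described in this reply, as an added example that is not part of the original thread: a small Python model of IOS standard ACL matching (wildcard masks, first match wins) applied to ACL 1. It assumes the outbound ACL is checked after the source has already been translated to 192.168.1.6; the function names are illustrative.

```python
import ipaddress

# ACL 1 from the original post: (action, address, wildcard mask).
ACL_1 = [
    ("permit", "172.16.0.0", "0.0.255.255"),
    ("deny", "0.0.0.0", "255.255.255.255"),  # "deny any"
]

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(source, address, wildcard):
    """IOS wildcard semantics: bits set to 1 in the wildcard are ignored."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(source) & care) == (_to_int(address) & care)

def evaluate_standard_acl(acl, source):
    """First matching entry wins; an unmatched packet hits the implicit deny."""
    for action, address, wildcard in acl:
        if wildcard_match(source, address, wildcard):
            return action
    return "deny"

def outbound_decision(acl, source, nat_global=None):
    """Decision of an outbound ACL on the NAT outside interface.

    Assumption of this model: the inside-to-outside translation has already
    rewritten the source when the outbound ACL is checked, so the ACL sees
    nat_global instead of the original address.
    """
    seen = nat_global if nat_global is not None else source
    return seen, evaluate_standard_acl(acl, seen)

# Addresses quoted in the thread, used here as sample sources.
SOURCES = ["172.16.4.0", "172.16.3.252", "172.16.255.252", "172.16.255.248"]
NAT_GLOBAL = "192.168.1.6"  # translated address named in the reply

if __name__ == "__main__":
    for src in SOURCES:
        seen, with_nat = outbound_decision(ACL_1, src, NAT_GLOBAL)
        _, without_nat = outbound_decision(ACL_1, src)
        print(f"{src:>15}  NAT -> {seen}: {with_nat:6}  no NAT: {without_nat}")
```

Without translation, all four sources match the permit entry; once the source is rewritten to 192.168.1.6, every packet falls through to the deny entry.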


Hi,

Why are you doing this NAT overload on Belfast?

Just do "no ip nat outside" on Belfast f0/0 so there ain't no more NAT and it will work.

Regards.

Alain

Don't forget to rate helpful posts.


Hi Alain,

Thanks for lending a hand on OP's issue!

Philip,

Could you try what Alain suggested and let us know how it goes?

Sent from Cisco Technical Support iPhone App


7 Replies

johnlloyd_13
Level 9

Hi Philip,

Could you post the device's show run and a network diagram? Are you running this on PT?

Thank you for your help.

I have attached the Packet Tracer file. It should be easy to see what I am doing wrong for someone more proficient than me.

The two passwords are: 'cisco' and 'class'.

The router with the access control list is "Belfast".

Regards

Hi Philip,

Sorry, I don't have PT installed on my PC right now. Could you copy and paste the config here?

Yes, I have done that in the previous message.

Thank you kindly.

