Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

access control list problem

Hello, I am trying to deifne an access control list to permit traffic from all internal (172,16.0.0/16) addressess, and deny all other traffic.

I have created the following:

access-list 1 permit 172.16.0.0 0.0.255.255

access-list 1 deny any

and applied it to the outgoing interface of the router:

interface FastEthernet0/0

ip address 10.0.0.1 255.0.0.0

ip access-group 1 out

ip nat outside

duplex auto

speed auto

However traffic from the networks: 172.16.4.0, 172.16.3.252, 172.16.255.252 and 172.16.255.248 cannot pass.

Have I done something incorrect here ?

Thanks for any help.

3 ACCEPTED SOLUTIONS

Accepted Solutions
New Member

access control list problem

hi philip:   

     traffic from the networks: 172.16.4.0, 172.16.3.252, 172.16.255.252 and 172.16.255.248 is be nat ip 192.168.1.6

    192.168.1.6 can not pass the

    access-list 1 permit 172.16.0.0 0.0.255.255

    access-list 1 deny any

Purple

access control list problem

Hi,

Why are you doing this NAT overload on Belfast ?

Just  do no ip nat outside on Belfast f0/0 so there ain't no more NAT and it will work.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Re: access control list problem

Hi Alain,

Thanks for lending a hand on OP's issue!

Philip,

Could you try what Alain suggested and let us know how it goes?

Sent from Cisco Technical Support iPhone App

7 REPLIES

access control list problem

hi philip,

could you post the device's show run and a network diagram? are you running this on PT?

New Member

Re: access control list problem

thank you for your help.

I have attached the packet tracer file. It should be easy to see what I am doing wrong for someone more proficient than me

The two passwords are:'cisco' and 'class'.

The router with the access control list is "Belfast".

Regards

Re: access control list problem

hi philip,

sorry i don't have PT installed on my PC right now. could you copy and pase the config here?

New Member

Re: access control list problem

yes, I have done that in the previous message.

Thank you kindly.

Purple

access control list problem

Hi,

Why are you doing this NAT overload on Belfast ?

Just  do no ip nat outside on Belfast f0/0 so there ain't no more NAT and it will work.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Re: access control list problem

Hi Alain,

Thanks for lending a hand on OP's issue!

Philip,

Could you try what Alain suggested and let us know how it goes?

Sent from Cisco Technical Support iPhone App

New Member

access control list problem

hi philip:   

     traffic from the networks: 172.16.4.0, 172.16.3.252, 172.16.255.252 and 172.16.255.248 is be nat ip 192.168.1.6

    192.168.1.6 can not pass the

    access-list 1 permit 172.16.0.0 0.0.255.255

    access-list 1 deny any

390
Views
0
Helpful
7
Replies