Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

tunnel snmp traffic

I have a router R0 , RO's f0/0 connects to a server 10.1.1.2 and R0 also use the F0/0 as a gre tunnel's source interface . this tunnel's destination is the R3's f0/0 . and 1 smtp server 192.168.1.3 connects to router R3. the server 10.1.1.2 need to connect to the server 192.168.1.3's TCP port 25. and i put a acl on R0's f0/0

int f0/0

ip access-group snmp in

ip access-list extended snmp

permit tcp host 10.1.1.2 host 192.168.1.3 eq 25

there is no other ACL between this 2 servers.

but the server 10.1.1.2 still can not access server 192.168.1.3 by using tcp port 25.

since the tunnel 0 also use f0/0 as source interface , i guess maybe i need to add one more line for ACL snmp

permit tcp host 192.168.1.3 eq 25 host 10.1.1.2.

Please help me for this issue. if my guess is wrong , what is the right sloution .

  • LAN Switching and Routing
2 REPLIES
Hall of Fame Super Silver

Re: tunnel snmp traffic

Hello Yang,

you are right

the ACL should be written has:

permit tcp host 192.168.1.3 eq 25 host 10.1.1.2

I would test this with the following:

just remove the ACL you have applied on the tunnel interface.

Test it without any ACL.

In these conditions can server 10.1.1.2 connect to 192.168.1.3?

Try with the modified ACL and see the behaviour.

your original ACL should match with traffic sent out the tunnel if R0 sees tunnel0 as the outgoing interface to reach 192.168.1.3

Hope to help

Giuseppe

New Member

Re: tunnel snmp traffic

I can not test it since i need to submit change request before i change ACL.

159
Views
0
Helpful
2
Replies
This widget could not be displayed.