I have a 7200 router, and I am implementing an ACL that would block uncertain traffic going into my network. So I created an extended access list and applied it to my LAN interface, but the ACL seems not to be working even though I explicitly put a deny any any statement, yet other networks still successfully got in. The second thing I did was apply it to the WAN interface; though the ACL is working, the problem now is that I can't access the internet. I tried to upgrade its IOS to 12.4, but uploading it gave me a hard time too, e.g., my TFTP server gives me the error "file does not exists". When I issue the command "dir", the IOS is located on disk0:. Should I do "copy tftp disk0"? Any suggestions? Specifically on the ACL..
Cisco Internetwork Operating System Software
IOS (tm) 7200 Software (C7200-IS-M), Version 12.2(28a), RELEASE SOFTWARE (fc2)
It would help us answer your question better if you had told us what your address space is. But without knowing that helpful detail, here are some observations about your access list:
- All of the statements reflect a destination of 10.10.10.0 0.0.1.255. Would we understand from this that 10.10.10.x and 10.10.11.x are your address space?
- The statements in the later part of the access list specify protocol and port values and specify the same port value as source and as destination. This generally does not work. Very few protocols use the same source port and destination port. So, for example, the first one of these is:
deny tcp any eq telnet 10.10.10.0 0.0.1.255 eq telnet
If you want to deny with telnet as source or telnet as destination, then you probably need 2 statements in the access list. As it is written, it will never match a telnet packet, because in the telnet packet the source OR the destination will be telnet, but not both.
- You describe using this access list on the LAN and then on the WAN. You did not specify whether you changed the access list around when you moved it. But the relationship of source address and destination address probably needs to swap when you move between interfaces.
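To make the port-matching point above concrete, here is an added example (not part of the original post or reply) that parses a few extended ACE lines in the IOS syntax used in the thread and evaluates them, first-match-wins with the implicit deny at the end, against constructed packets. The ACL lines, the client address 192.0.2.7, and the server 10.10.10.5 are assumptions chosen for the demonstration; the wildcard-mask matching follows the usual IOS semantics (a 0 bit in the mask must match, a 1 bit is don't-care).

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Subset of IOS port keywords; enough for the lines in this example.
PORT_NAMES = {"telnet": 23, "www": 80, "smtp": 25, "domain": 53}


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Ace:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip", "tcp", "udp"
    src: Tuple[str, str]         # (network, wildcard mask)
    sport: Optional[int]         # value of "eq <port>" on the source, if any
    dst: Tuple[str, str]
    dport: Optional[int]


def wildcard_match(addr: str, net: str, wild: str) -> bool:
    """IOS wildcard mask: bits set to 1 are ignored, bits set to 0 must match."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(net))
    care = ~int(ipaddress.IPv4Address(wild)) & 0xFFFFFFFF
    return (a & care) == (n & care)


def _parse_addr(t, i):
    if t[i] == "any":
        return ("0.0.0.0", "255.255.255.255"), i + 1
    if t[i] == "host":
        return (t[i + 1], "0.0.0.0"), i + 2
    return (t[i], t[i + 1]), i + 2


def _parse_port(t, i):
    if i < len(t) and t[i] == "eq":
        p = t[i + 1]
        return (PORT_NAMES[p] if p in PORT_NAMES else int(p)), i + 2
    return None, i


def parse_ace(line: str) -> Ace:
    """Parse '<permit|deny> <proto> <src> [eq P] <dst> [eq P]' (IOS extended ACE)."""
    t = line.split()
    action, proto = t[0], t[1]
    src, i = _parse_addr(t, 2)
    sport, i = _parse_port(t, i)
    dst, i = _parse_addr(t, i)
    dport, i = _parse_port(t, i)
    return Ace(action, proto, src, sport, dst, dport)


def ace_matches(e: Ace, p: Packet) -> bool:
    if e.proto != "ip" and e.proto != p.proto:
        return False
    if not wildcard_match(p.src, *e.src) or not wildcard_match(p.dst, *e.dst):
        return False
    if e.sport is not None and p.sport != e.sport:
        return False
    if e.dport is not None and p.dport != e.dport:
        return False
    return True


def evaluate(acl, p: Packet) -> str:
    """First matching entry decides; an unmatched packet hits the implicit deny."""
    for e in acl:
        if ace_matches(e, p):
            return e.action
    return "deny"


# The entry as written in the thread: source AND destination port both telnet.
ORIGINAL_ACL = [parse_ace(l) for l in (
    "deny tcp any eq telnet 10.10.10.0 0.0.1.255 eq telnet",
    "permit ip any any",
)]

# The two-statement form the reply recommends: telnet as destination OR as source.
FIXED_ACL = [parse_ace(l) for l in (
    "deny tcp any 10.10.10.0 0.0.1.255 eq telnet",
    "deny tcp any eq telnet 10.10.10.0 0.0.1.255",
    "permit ip any any",
)]

# Constructed packets (assumed addresses): an outside telnet client reaching a
# LAN host, and the LAN host's reply, which has telnet as the *source* port.
TELNET_TO_LAN = Packet("tcp", "192.0.2.7", 51000, "10.10.10.5", 23)
TELNET_REPLY = Packet("tcp", "10.10.10.5", 23, "192.0.2.7", 51000)

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL_ACL), ("fixed", FIXED_ACL)):
        print(name, "telnet->LAN:", evaluate(acl, TELNET_TO_LAN),
              "| reply:", evaluate(acl, TELNET_REPLY))
```

Running it shows the original entry letting the inbound telnet connection through (the `permit ip any any` catches it because no real packet carries port 23 on both ends), while the two-statement version denies it. Note that the reply packet is permitted by both lists, because its destination is not in 10.10.10.0 0.0.1.255; that is the source/destination swap the reply warns about when the same list is moved to the other interface or direction.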