Solved: WAN problem

Anand Narayana · ‎02-02-2006

Hi,

i have got Cisco 1751 router, S0/0 has got 1 public IP & fasethernet 0/0 also got 1 public IP, all the users on the LAN are accesing internet via a LINUX gateway machine. now the problem is, i am able to ping 192.168.87.1 from my LAN as well as from the router console, but all my LAN network is 192.168.100.0/24. even after removing the fastethernet 0/0 cable, still i could able to ping 192.168.87.1 which is going towards the ISP. now to avoid this how do i put the access-list on my router? because of this, when LAN users try to ping the gateway machine(192.168.100.1)time response it is getting time=500ms, when i disable s0/0 time=<14ms.

pkhatri · ‎02-03-2006

Hi,

If you wish to deny traffic to 192.168.87.0/24, do the following:

access-list 101 deny ip any 192.168.87.0 0.0.0.255

access-list 101 permit ip any any

!

int serial0 ! use your serial interface number

ip access-group 101 out

!

Hope that helps - pls rate the post if it does.

Paresh

View solution in original post

thisisshanky · ‎02-02-2006

Anand,

If you could post either the configs or put together a simple diagram in microsoft paint or visio, with the ip addresses properly laid out, it will help a lot in suggesting a solution for you.

What device has the ip address 192.168.87.1 configured ?

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

Anand Narayana · ‎02-03-2006

let me explain the scenario,

Internet Router - Cisco 1751 it has got public IP

(both serial & fastethernet)

fastethernet connected to a gateway PC have 2 NIC, 1 Public IP & other private IP(192.168.100.0/24), now when i removed the fastethernet cable on the router, i could able to ping 192.168.87.1 which is pointing towards my ISP. so how do i restrict by putting access-list in my router for that particular network(192.168.87.0/24)?

pkhatri · ‎02-03-2006

Hi,