Not sure what I'm doing wrong, but when I add the following access-list to my interface fa1/8 I cannot ping anything anymore. I've been staring at this for a while so it all looks the same to me... am I missing something? Thank you in advance for your help!!
ip access-list extended BNP-in
permit ip 126.96.36.199 0.0.0.255 10.255.118.0 0.0.0.127
You have not told us what is the subnet on interface fa1/8. And you have not been specific about which access list is applied in which direction - the naming of the access list probably suggests which direction. I am going to make a guess that the subnet on the interface is 10.255.118.0/25. If that is the case then you are applying the access lists in the wrong direction.
If the access list is applied inbound then the subnet of the interface is the source address and some other address is the destination. And if applied outbound then the interface subnet is the destination and some other address is the source.
Thanks for posting the additional information. It does complicate the situation quite a bit. If I understand the static route then subnet 188.8.131.52 is reached through some device that is connected on the subnet of fa1/8. If that subnet is outbound from the router on fa1/8 then any device in that subnet can communicate with any device in the 10.255.118.0 subnet without going through the router interface. Therefore the access list on the router is ineffective in controlling any traffic between 184.108.40.206 and 10.255.118.0 and 3 of the 6 lines in the access lists are trying to do that. And the 3 other lines are attempting to control traffic between 10.255.118.74 and the rest of the subnet.
And as I guessed in my previous post you have confused the function of access-group in and access-group out.
I think that the fundamental reason that you cannot ping anything is that the inbound access does not permit any of the traffic that it will see. If you are pinging devices in the subnet of 10.255.118.0 then the responses coming back to the router will have 10.255.118.x as the source address. And your inbound access list does not permit that subnet as the source address.
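The direction rule described in the replies above, as an added example that is not part of the original thread: a small Python model of extended-ACL matching (first match wins, wildcard masks, implicit deny) run against the posted entry. It assumes the interface subnet is 10.255.118.0/25 as guessed in the reply; the router address 10.255.118.1, the remote host 126.96.36.10 and the swapped list are constructed for illustration.

```python
# Added example: minimal model of Cisco extended-ACL matching for "permit ip" entries.
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: 1-bits are "don't care", 0-bits must match."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

def evaluate(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, s_base, s_wild, d_base, d_wild in acl:
        if wildcard_match(src, s_base, s_wild) and wildcard_match(dst, d_base, d_wild):
            return action
    return "deny (implicit)"

# The entry from the question, exactly as posted.
BNP_IN = [("permit", "126.96.36.199", "0.0.0.255", "10.255.118.0", "0.0.0.127")]

# Hypothetical list with source and destination swapped: the shape an inbound
# list needs when the interface subnet (assumed 10.255.118.0/25) is the source.
BNP_IN_SWAPPED = [("permit", "10.255.118.0", "0.0.0.127", "126.96.36.199", "0.0.0.255")]

# Constructed packets as (source, destination).
ECHO_REPLY = ("10.255.118.74", "10.255.118.1")    # ping reply arriving on fa1/8
TO_REMOTE = ("10.255.118.74", "126.96.36.10")     # interface subnet to remote subnet
FROM_REMOTE = ("126.96.36.10", "10.255.118.74")   # remote subnet to interface subnet

def report():
    """Verdict for each packet when the list is checked inbound on fa1/8."""
    return {
        "posted, echo reply": evaluate(BNP_IN, *ECHO_REPLY),
        "posted, to remote": evaluate(BNP_IN, *TO_REMOTE),
        "posted, from remote": evaluate(BNP_IN, *FROM_REMOTE),
        "swapped, to remote": evaluate(BNP_IN_SWAPPED, *TO_REMOTE),
    }

if __name__ == "__main__":
    for name, verdict in report().items():
        print(f"{name:22} -> {verdict}")
```

The posted entry only permits packets whose source is the remote subnet, which is the pattern seen leaving fa1/8 toward 10.255.118.0/25, so every packet arriving inbound from that subnet falls to the implicit deny.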
What I was trying to do is this: I have to get to an outside IP address of 220.127.116.11. I was given the NAT of 10.255.118.0/25. So what I was trying to do was to only allow devices with the natted IP of 10.255.118.0/25 to be able to come through this connection to get to 18.104.22.168/24. I thought I had accomplished that, but I guess I haven't. Any suggestions on how I may go about doing that then?