Cisco Support Community
Community Member


Just recently took over like 7 cisco routers 2 voip systems and 12 switches in our network.

I have my CCNA but i am confused to my knowledge acl's have to be assigned to something and a recent problem( doing backups from a remote location across a tunnel is bringing up a message saying communications lost. I have done this with a ping going accross the tunnel to the server that i am backing up and according to the ping my tunnel is still up. so i though maybe a acl is blocking it. when i run back up at about 2min and 30 sec it stopping but it has not sent one byte.)So i look at the acls on the remote router and none are assigned anywhere. Is this some sort of CCNP configuration going on? to my knowledge all acls have to be assigned to a interface for in/out traffic.

Here are the acl's

Extended IP access list 101

10 permit tcp host any eq ftp

20 permit tcp host any eq ftp-data

30 permit tcp any eq ftp host

40 permit tcp any eq ftp-data host

Extended IP access list 102

10 permit ip any

Extended IP access list 111

10 permit ip any

20 deny ip any any

Extended IP access list 130

10 deny ip (484 matches)

20 permit ip any (1792934 matches)

Extended IP access list 140

10 permit gre host host (5460262 matches)

Extended IP access list 141

10 permit ip

20 deny ip any any

But like i said they are not assigned to any interface. Can anyone explain why these are not assigned to anything.

If they are doing something should i make or add on to a acl allowing trafic to and from the server ip that i want to back up?

Thanks in advance from the rookie of the year.


Re: acl's

correct, an ACL must be assigned to an interface for an interface to use it to filter traffic.

as to answering "why these ACLs are not assigned...", i don't think we can tell you why your hardware is not configured a certain way.

looking at your posted output of ACLs it is clear that 10 & 20 are in use on at least one interface.

it will be helpful if you can paste your router configuration minus sensative data if you can.

you may very well need an ACL to allow access to backup the server. we cannot tell from this point, need configuration info as well as a 'show ip route' output for starters. this will allow us to create an ACL to fit your topology.

CreatePlease to create content