Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started.

WAN problem

Hi,

i have got Cisco 1751 router, S0/0 has got 1 public IP & fasethernet 0/0 also got 1 public IP, all the users on the LAN are accesing internet via a LINUX gateway machine. now the problem is, i am able to ping 192.168.87.1 from my LAN as well as from the router console, but all my LAN network is 192.168.100.0/24. even after removing the fastethernet 0/0 cable, still i could able to ping 192.168.87.1 which is going towards the ISP. now to avoid this how do i put the access-list on my router? because of this, when LAN users try to ping the gateway machine(192.168.100.1)time response it is getting time=500ms, when i disable s0/0 time=<14ms.

  • WAN Routing and Switching
1 ACCEPTED SOLUTION

Accepted Solutions
Purple

Re: WAN problem

Hi,

If you wish to deny traffic to 192.168.87.0/24, do the following:

access-list 101 deny ip any 192.168.87.0 0.0.0.255

access-list 101 permit ip any any

!

int serial0 ! use your serial interface number

ip access-group 101 out

!

Hope that helps - pls rate the post if it does.

Paresh

4 REPLIES

Re: WAN problem

Anand,

If you could post either the configs or put together a simple diagram in microsoft paint or visio, with the ip addresses properly laid out, it will help a lot in suggesting a solution for you.

What device has the ip address 192.168.87.1 configured ?

Re: WAN problem

let me explain the scenario,

Internet Router - Cisco 1751 it has got public IP

(both serial & fastethernet)

fastethernet connected to a gateway PC have 2 NIC, 1 Public IP & other private IP(192.168.100.0/24), now when i removed the fastethernet cable on the router, i could able to ping 192.168.87.1 which is pointing towards my ISP. so how do i restrict by putting access-list in my router for that particular network(192.168.87.0/24)?

Purple

Re: WAN problem

Hi,

If you wish to deny traffic to 192.168.87.0/24, do the following:

access-list 101 deny ip any 192.168.87.0 0.0.0.255

access-list 101 permit ip any any

!

int serial0 ! use your serial interface number

ip access-group 101 out

!

Hope that helps - pls rate the post if it does.

Paresh

Re: WAN problem

Thanks a lot, it works fine.

102
Views
0
Helpful
4
Replies