argh!!! more acl issues

Posted by David Hodgson on August 16, 2004, 4:46 pm
Hi folks,

I have..

Interface e2/2
ip access-group 100 out

access-list 100 permit tcp host 1.1.1.1 host 2.2.2.2 eq 22

this allows only traffic inward from 1.1.1.1 to 2.2.2.2 using ssh, but
2.2.2.2 cannot see outward now, it is directly connected to the web and it
can't see anything on any port.

I tried to add the following commands ( keeping the original commands)

interface e2/2
ip access-group 101 in

access-list 101 permit ip any any

didn't work

am I doing this right?

thanks
Dave




Posted by Doan on August 16, 2004, 1:01 pm
On Mon, 16 Aug 2004, David Hodgson wrote:

> Hi folks,
>
> I have..
>
> Interface e2/2
> ip access-group 100 out
>
> access-list 100 permit tcp host 1.1.1.1 host 2.2.2.2 eq 22
>
> this allows only traffic inward from 1.1.1.1 to 2.2.2.2 using ssh, but
> 2.2.2.2 cannot see outward now, it is directly connected to the web and it
> can't see anything on any port.
>
> I tried to add the following commands ( keeping the original commands)
>
> interface e2/2
> ip access-group 101 in
>
> access-list 101 permit ip any any
>
> didn't work
>
> am I doing this right?
>
> thanks
> Dave
>
You forgot the implicit deny all at the end of every ACL. You have to
change your ACL 100.

Doan




Posted by slipstream_242 on August 16, 2004, 8:58 pm
Don't forget there is an implicit deny all unless you put permit any any in
there.


> Hi folks,
>
> I have..
>
> Interface e2/2
> ip access-group 100 out
>
> access-list 100 permit tcp host 1.1.1.1 host 2.2.2.2 eq 22
>
> this allows only traffic inward from 1.1.1.1 to 2.2.2.2 using ssh, but
> 2.2.2.2 cannot see outward now, it is directly connected to the web and it
> can't see anything on any port.
>
> I tried to add the following commands ( keeping the original commands)
>
> interface e2/2
> ip access-group 101 in
>
> access-list 101 permit ip any any
>
> didn't work
>
> am I doing this right?
>
> thanks
> Dave
>
>
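
The implicit deny both replies point to, as an added example that is not part of the thread: a small Python model of first-match ACL evaluation on e2/2, showing that ACL 100 (out) drops the replies to 2.2.2.2's own connections, so ACL 101 (in) cannot help. It assumes 2.2.2.2 sits behind e2/2; the model, the constructed sample packets and the `established` entry in `ACL_100_FIXED` are assumptions of this example, not a fix posted in the thread.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

ANY = "0.0.0.0/0"  # stands in for the IOS keyword "any"
# ack=True marks a TCP segment with ACK or RST set (an existing connection, not the first SYN).
Packet = namedtuple("Packet", "proto src dst sport dport ack", defaults=[False])
# dport=0 means no "eq" clause; established models the IOS "established" keyword.
Rule = namedtuple("Rule", "action proto src dst dport established", defaults=[0, False])

def matches(r, p):
    return (r.proto in ("ip", p.proto)          # "ip" matches every protocol
            and ip_address(p.src) in ip_network(r.src)
            and ip_address(p.dst) in ip_network(r.dst)
            and r.dport in (0, p.dport)
            and (p.ack or not r.established))

def evaluate(acl, p):
    """First matching entry wins; a packet that matches nothing hits the implicit deny."""
    return next((r.action for r in acl if matches(r, p)), "deny")

def through_e2_2(p, acl_out, acl_in, host="2.2.2.2"):
    """Packets sent by the host enter e2/2 ('in'); packets addressed to it leave e2/2 ('out')."""
    return evaluate(acl_in if p.src == host else acl_out, p)

ACL_100 = [Rule("permit", "tcp", "1.1.1.1/32", "2.2.2.2/32", 22)]  # from the thread
ACL_101 = [Rule("permit", "ip", ANY, ANY)]                         # from the thread
# Assumed fix, not from the thread: also let replies to the host's own TCP sessions back in.
ACL_100_FIXED = ACL_100 + [Rule("permit", "tcp", ANY, "2.2.2.2/32", established=True)]

PACKETS = {  # constructed sample traffic; 198.51.100.x is a documentation range
    "ssh_in":      Packet("tcp", "1.1.1.1", "2.2.2.2", 40000, 22),
    "web_request": Packet("tcp", "2.2.2.2", "198.51.100.10", 50000, 80),
    "web_reply":   Packet("tcp", "198.51.100.10", "2.2.2.2", 80, 50000, ack=True),
    "telnet_in":   Packet("tcp", "198.51.100.10", "2.2.2.2", 50001, 23),
    "dns_reply":   Packet("udp", "198.51.100.53", "2.2.2.2", 53, 50002),
}

def verdicts(acl_out, acl_in=ACL_101):
    return {name: through_e2_2(p, acl_out, acl_in) for name, p in PACKETS.items()}

if __name__ == "__main__":
    for label, acl in (("thread config", ACL_100), ("assumed fix", ACL_100_FIXED)):
        print(label, verdicts(acl))
```

The `established` entry covers TCP only, so the constructed DNS reply over UDP is still dropped by the implicit deny under both lists.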



