Hi,
I have a router up and running, I am just trying to add a access list rule to allow TFTP (for backing up IOS etc),
It sounds simple but I cannot get it to work, spent ages fiddling around now, it works if i disable the access list from the dilaer interface so i know it where the problem is, enclosed is the config for the affected areas,
interface Dialer1
bandwidth 800
ip address negotiated
ip nat outside
ip inspect swd out
ip access-group 111 in
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxxxxxxxxxxxxxxxxx
ppp chap password xxxxxxxxxxxxxxxxxxx
ppp pap sent-username xxxxxxxxxxxxxxxxxx password xxxxxxxxxxx
service-policy output qos-policy
hold-queue 224 in
access-list 111 permit esp any any
access-list 111 permit udp any eq domain any
access-list 111 permit tcp any eq domain any
access-list 111 permit gre any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit tcp any any eq 1723
access-list 111 permit udp any any eq 1723
access-list 111 permit tcp host 1.1.1.1 host 2.2.2.2 eq 22
access-list 111 permit tcp host 1.1.1.1 host 2.2.2.2 eq telnet
access-list 111 permit udp host 1.1.1.1 host 2.2.2.2 eq tftp
access-list 111 permit udp any any eq tftp
access-list 111 permit udp any any eq non500-isakmp
access-list 111 deny ip any any log
1.1.1.1 is the remote device and 2.2.2.2 is the dilaer interface ip address, please help it's driving me nuts, to make matter worse the telnet and ssh rules work !!
Thanks guys
Start Free Trial
