two 2501 Routers?

Hey every1.
Can anyone explain how to setup an access-list or Group on a 2501 Cisco Router?(explanation)
Regards,
pixer77Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

rshooper76Commented:
Here is a sample access list and how to set it up on your interface.

access-list 120 permit tcp any any established
access-list 120 deny   ip 192.168.100.0 0.0.0.255 any
access-list 120 permit icmp any host [your public IP Address] echo-reply
access-list 120 permit icmp any host [your public IP Address] time-exceeded
access-list 120 permit icmp any host [your public IP Address] unreachable
access-list 120 deny   ip 10.0.0.0 0.255.255.255 any
access-list 120 deny   ip 172.16.0.0 0.15.255.255 any
access-list 120 deny   ip 192.168.0.0 0.0.255.255 any
access-list 120 deny   ip 127.0.0.0 0.255.255.255 any
access-list 120 deny   ip host 255.255.255.255 any
access-list 120 deny   ip host 0.0.0.0 any
access-list 120 deny   ip any any log-input

This access list will bock everything that comes into the router from the outside, unless it was initiated from the inside.  Let me kow what traffic you want to come in and out of the router and I can refine the access-list for you.

Here is how to apply it to an interface.  Assume Ethernet1 is your outside interface and we want the access-list to look at traffic comming into it.

interface Ethernet1
 ip access-group 120 in

Access-lists can get complicated, and the one I provided is very simple.  Let me know more about what you want to do and I can help you out.
0
pixer77Author Commented:
hi....

(router 2503)  Eth0 -> 192.168.1.253   Serial0 -> 192.1.0.1

access-list 120 permit tcp any any established
access-list 120 permit icmp any any echo-reply
access-list 120 permit icmp any any time-exceeded
access-list 120 permit icmp any any unreachable
access-list 120 permit icmp any any

interface Ethernet0
 ip access-group 120 in
 ip access-group 120 out


(router2501)   Eth0 -> 192.168.0.253   Serial0 -> 192.1.0.2

access-list 120 permit tcp any any established
access-list 120 permit icmp any any echo-reply
access-list 120 permit icmp any any time-exceeded
access-list 120 permit icmp any any unreachable
access-list 120 permit icmp any any

interface Ethernet0
 ip access-group 120 in
 ip access-group 120 out



when i try to ping a computer  from ntework 192.168.0.0 i still cant ping a computer in network 192.168.1.0......

any idea why is not working ???
         
0
rshooper76Commented:
Can you send me your ip route statements?
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

pixer77Author Commented:
(2503)
LM-10#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR

Gateway of last resort is not set

C    192.168.1.0/24 is directly connected, Ethernet0
C    192.1.0.0/24 is directly connected, Serial0


(2051)
LM-20#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default

Gateway of last resort is not set

C    192.168.0.0 is directly connected, Ethernet0
C    192.1.0.0 is directly connected, Serial0
0
rshooper76Commented:
I was actually looking for the IP Route statements you put in the router.  You will need to add a route to each router to tell it how to get to the other router.

router 2503
ip route 0.0.0.0 0.0.0.0 Serial0
ip route 192.168.0.0 255.255.255.0 192.1.0.2

router 2501
ip route 0.0.0.0 0.0.0.0 Serial0
ip route 192.168.1.0 255.255.255.0 192.1.0.1

I assume you have a serial cable running between the 2 routers?

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
pixer77Author Commented:
thx man!!!!!!!!!
0
rshooper76Commented:
Are you new to Cisco?  If so I can point you to some material that will really help you out.
0
pixer77Author Commented:
hey......now ive got another problem......i am trying to implement a system for point-to-multipoint distribution of video content ....but i dont know how to do it using these two routers(2503-2501)....have u got any clue???
0
rshooper76Commented:
Can you give me some more details on this?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking Protocols

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.