
Access-List Help!!

Hi - this is my access list:

Extended IP access list inbound
    deny ip 127.0.0.0 0.255.255.255 any
    deny ip 192.0.2.0 0.0.0.255 any
    deny ip host 255.255.255.255 any
    deny ip 10.0.0.0 0.255.255.255 any (135 matches)
    deny ip 172.16.0.0 0.15.255.255 any (99 matches)
    deny ip 192.168.0.0 0.0.255.255 any (495 matches)
    permit ip host 216.57.131.213 host 216.57.131.214 (70144 matches)
    deny ip any host 216.57.131.214 (11161 matches)
    deny ip any host 131.239.49.2 (285 matches)
    deny ip any host 131.239.49.3 (285 matches)
    deny ip any host 131.239.49.4 (1784 matches)
    permit ip any 131.239.49.0 0.0.0.255 (11505953 matches)
    permit ip host 216.57.128.10 host 216.57.131.214
    permit ip host 216.57.130.10 host 216.57.131.214
    permit ip host 216.126.50.73 host 216.57.131.214
    permit icmp host 216.57.128.10 host 216.57.131.214
    permit icmp host 216.57.130.10 host 216.57.131.214
    permit icmp host 216.126.50.73 host 216.57.131.214
    permit icmp host 217.150.108.98 any echo

I want ICMP to work for the specified hosts, however it doesn't.

Any ideas?

James.
lrmoore commented:
Are you trying to ping host 216.57.131.214?
Try adding a final entry to the ACL with "log"
   deny ip any any log

This is a great troubleshooting tool to help see what gets denied.

You actually have a deny before you have your permits

    permit ip host 216.57.131.213 host 216.57.131.214 (70144 matches)
    deny ip any host 216.57.131.214 (11161 matches) <=== this deny prevents ICMP
    deny ip any host 131.239.49.2 (285 matches)
    deny ip any host 131.239.49.3 (285 matches)
    deny ip any host 131.239.49.4 (1784 matches)
    permit ip any 131.239.49.0 0.0.0.255 (11505953 matches)
    permit ip host 216.57.128.10 host 216.57.131.214  <== ICMP permit here is after the deny above
    permit ip host 216.57.130.10 host 216.57.131.214  <==    "
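
Added example (not part of the original thread or of lrmoore's answer): a small Python model of top-down, first-match ACL evaluation, run over entries copied from the question, showing which entry an ICMP packet from 216.57.128.10 actually hits and which entries an earlier one covers. The function names are illustrative, and trailing qualifiers such as ICMP types are not modelled.

```python
import ipaddress, re
from collections import namedtuple

Rule = namedtuple("Rule", "action proto src dst text")
# Entries copied from the ACL in the question (a subset, counters removed).
ACL = """\
permit ip host 216.57.131.213 host 216.57.131.214
deny ip any host 216.57.131.214
permit ip any 131.239.49.0 0.0.0.255
permit ip host 216.57.128.10 host 216.57.131.214
permit icmp host 216.57.128.10 host 216.57.131.214
"""

def ip(a):
    return int(ipaddress.IPv4Address(a))

def take_addr(tok):
    """Consume 'any', 'host A' or 'A wildcard'; return (network, wildcard)."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    return (ip(tok.pop(0)), 0) if first == "host" else (ip(first), ip(tok.pop(0)))

def parse_acl(text):
    """Parse 'action proto src dst' entries; trailing qualifiers are ignored."""
    rules = []
    for line in text.splitlines():
        tok = re.sub(r"\(\d+ matches\)", "", line).split()
        if len(tok) >= 4 and tok[0] in ("permit", "deny"):
            action, proto = tok.pop(0), tok.pop(0)
            rules.append(Rule(action, proto, take_addr(tok), take_addr(tok), line.strip()))
    return rules

def covers(a, b):
    """True if (network, wildcard) spec a matches every address b matches."""
    return (b[1] & ~a[1]) == 0 and ((a[0] ^ b[0]) & ~a[1]) == 0

def first_match(rules, proto, src, dst):
    """First entry a packet hits when read top-down, else the implicit deny."""
    s, d = (ip(src), 0), (ip(dst), 0)
    for r in rules:
        if r.proto in ("ip", proto) and covers(r.src, s) and covers(r.dst, d):
            return r.action, r.text
    return "deny", "(implicit deny)"

def shadowed(rules):
    """(earlier, later) pairs where the earlier entry covers the later one."""
    return [(e.text, r.text) for j, r in enumerate(rules) for e in rules[:j]
            if e.proto in ("ip", r.proto) and covers(e.src, r.src) and covers(e.dst, r.dst)]
```

Calling first_match(parse_acl(ACL), "icmp", "216.57.128.10", "216.57.131.214") returns the "deny ip any host 216.57.131.214" entry, and shadowed() lists the later permits for that host as covered by it.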

jh_007 (author) commented:
Ahh thanks for your reply.

I had wondered if this was indeed the case.

Will check out and report back!

Regards, James.
Question has a verified solution.
