Solved

Access-List Help!!

Posted on 2005-04-25
Last Modified: 2010-04-17
Hi - this is my access list:

Extended IP access list inbound
    deny ip 127.0.0.0 0.255.255.255 any
    deny ip 192.0.2.0 0.0.0.255 any
    deny ip host 255.255.255.255 any
    deny ip 10.0.0.0 0.255.255.255 any (135 matches)
    deny ip 172.16.0.0 0.15.255.255 any (99 matches)
    deny ip 192.168.0.0 0.0.255.255 any (495 matches)
    permit ip host 216.57.131.213 host 216.57.131.214 (70144 matches)
    deny ip any host 216.57.131.214 (11161 matches)
    deny ip any host 131.239.49.2 (285 matches)
    deny ip any host 131.239.49.3 (285 matches)
    deny ip any host 131.239.49.4 (1784 matches)
    permit ip any 131.239.49.0 0.0.0.255 (11505953 matches)
    permit ip host 216.57.128.10 host 216.57.131.214
    permit ip host 216.57.130.10 host 216.57.131.214
    permit ip host 216.126.50.73 host 216.57.131.214
    permit icmp host 216.57.128.10 host 216.57.131.214
    permit icmp host 216.57.130.10 host 216.57.131.214
    permit icmp host 216.126.50.73 host 216.57.131.214
    permit icmp host 217.150.108.98 any echo

I want ICMP to work for the specified hosts, however it doesn't.

Any ideas?

James.
0
Question by:jh_007
2 Comments
 

Accepted Solution

by: lrmoore earned 2000 total points
ID: 13857569
Are you trying to ping host 216.57.131.214?
Try adding a final entry to the ACL with "log":
   deny ip any any log

This is a great troubleshooting tool to help see what gets denied.

You actually have a deny before you have your permits:

    permit ip host 216.57.131.213 host 216.57.131.214 (70144 matches)
    deny ip any host 216.57.131.214 (11161 matches) <=== this deny prevents ICMP
    deny ip any host 131.239.49.2 (285 matches)
    deny ip any host 131.239.49.3 (285 matches)
    deny ip any host 131.239.49.4 (1784 matches)
    permit ip any 131.239.49.0 0.0.0.255 (11505953 matches)
    permit ip host 216.57.128.10 host 216.57.131.214  <== ICMP permit here is after the deny above
    permit ip host 216.57.130.10 host 216.57.131.214  <==    "

0
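The ordering problem described in the accepted answer, as an added example that is not part of the original thread: a small Python first-match evaluator run over entries copied from the question. It handles only the `any`, `host A` and `A wildcard` address forms used there (no ports or ICMP type keywords), and the function names are this example's own.

```python
import ipaddress

ACL = """\
permit ip host 216.57.131.213 host 216.57.131.214 (70144 matches)
deny ip any host 216.57.131.214 (11161 matches)
deny ip any host 131.239.49.2 (285 matches)
deny ip any host 131.239.49.3 (285 matches)
deny ip any host 131.239.49.4 (1784 matches)
permit ip any 131.239.49.0 0.0.0.255 (11505953 matches)
permit ip host 216.57.128.10 host 216.57.131.214
permit ip host 216.57.130.10 host 216.57.131.214
permit ip host 216.126.50.73 host 216.57.131.214
permit icmp host 216.57.128.10 host 216.57.131.214
permit icmp host 216.57.130.10 host 216.57.131.214
permit icmp host 216.126.50.73 host 216.57.131.214
"""  # copied from the question: first permit through the last host-to-host ICMP permit

def _spec(tok):
    """Consume 'any', 'host A' or 'A WILDCARD' from tok; return (base, wildcard) ints."""
    t = tok.pop(0)
    addr, wild = (("0.0.0.0", "255.255.255.255") if t == "any" else
                  (tok.pop(0), "0.0.0.0") if t == "host" else (t, tok.pop(0)))
    return int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(wild))

def parse(text):
    """One (action, proto, src, dst, entry) tuple per line; '(N matches)' is dropped."""
    rules = []
    for entry in (line.split("(")[0].strip() for line in text.strip().splitlines()):
        tok = entry.split()
        rules.append((tok.pop(0), tok.pop(0), _spec(tok), _spec(tok), entry))
    return rules

def _covers(outer, inner):
    """True if every address that `inner` matches is also matched by `outer`."""
    return inner[1] & ~outer[1] == 0 and (outer[0] ^ inner[0]) & ~outer[1] == 0

def first_match(rules, proto, src, dst):
    """Top-down evaluation: the first matching entry decides, else the implicit deny."""
    s, d = (int(ipaddress.IPv4Address(a)) for a in (src, dst))
    for action, rproto, rs, rd, entry in rules:
        if rproto in ("ip", proto) and _covers(rs, (s, 0)) and _covers(rd, (d, 0)):
            return action, entry
    return "deny", "implicit deny ip any any"

def shadowed(rules):
    """(entry, earlier entry) pairs where an earlier opposite-action entry covers it."""
    return [(r[4], e[4]) for j, r in enumerate(rules) for e in rules[:j]
            if e[0] != r[0] and e[1] in ("ip", r[1])
            and _covers(e[2], r[2]) and _covers(e[3], r[3])]
```

`first_match(parse(ACL), "icmp", "216.57.128.10", "216.57.131.214")` returns the `deny ip any host 216.57.131.214` entry, and `shadowed(parse(ACL))` lists the six permits below that deny which can never match.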
 

Author Comment

by:jh_007
ID: 13857613
Ahh thanks for your reply.

I had wondered if this was indeed the case.

Will check out and report back!

Regards, James.
0
