We help IT Professionals succeed at work.
Get Started

ACL to allow local subnet to ping Cisco 1800 series router

itgb
itgb asked
on
1,312 Views
Last Modified: 2010-04-21
We recently installed two 1841 routers (1 T1 WIC, 1 Eth) and everything is working fine except we cannot telnet or even ping from the local subnet.  These are configured as a site-to-site crossover, basically, so

Site A
  Fa0/0 - 10.1.1.6
  S0/0/0 - 10.1.2.1

Site B
  Fa0/0 - 10.1.2.1
  S0/0/0 - 10.1.1.6

And from Site A I can ping the Site B FastEth port (10.1.2.1), but not the Site A one (10.1.1.6).  Vice-versa at site B.  I'm pretty sure this is due to needing an ACL set up that will allow local access, but when I tried to modify the ACL that comes as a default in the factory configuration I never could get anything different to happen.  (I'm familiar with the PIX OS much more than IOS).  The version of IOS on these is 12.3, if that makes a difference.  Below is an abbreviated version with details modified to protect...somebody.  I'd like to be able to ping both sides of this box, at least.  Ideally, I'd like telnet access from the local subnet only.  Any help greatly appreciated!

...
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CorpToMfg
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no network-clock-participate wic 1
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
ip cef
!
ip domain name company.com
no ftp-server write-enable
!
controller T1 0/1/0
 framing esf
 linecode b8zs
 channel-group 1 timeslots 1-10 speed 64
 tdm-group 0 timeslots 11-24
!
controller T1 0/1/1
 framing esf
 clock source internal
 linecode b8zs
 tdm-group 0 timeslots 11-24
!
interface FastEthernet0/0
 description Corporate Side
 ip address 10.1.1.6 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/1/0:1
 description Connection to manufacturing
 mtu 1700
 ip address 10.1.2.1 255.255.255.0
 encapsulation ppp
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/1/0:1
ip http server
ip http authentication local
!
connect t1-xconnect T1 0/1/0 0 T1 0/1/1 0
!
control-plane
!
line con 0
 login local
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
!
end
Comment
Watch Question
Systems Architect
CERTIFIED EXPERT
Top Expert 2008
Commented:
This problem has been solved!
Unlock 1 Answer and 5 Comments.
See Answer
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE