Solved

Frustrating Cisco Access list problem

Posted on 2008-06-23
Last Modified: 2012-05-05
Hi,

I have a router up and running, I am just trying to add an access list rule to allow TFTP (for backing up IOS etc.).
It sounds simple but I cannot get it to work, spent ages fiddling around now. It works if I disable the access list from the dialer interface, so I know it's where the problem is. Enclosed is the config for the affected areas:

interface Dialer1
 bandwidth 800
 ip address negotiated
 ip nat outside
 ip inspect swd out
 ip access-group 111 in
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname xxxxxxxxxxxxxxxxxxx
 ppp chap password xxxxxxxxxxxxxxxxxxx
 ppp pap sent-username xxxxxxxxxxxxxxxxxx password xxxxxxxxxxx
 service-policy output qos-policy
 hold-queue 224 in



access-list 111 permit esp any any
access-list 111 permit udp any eq domain any
access-list 111 permit tcp any eq domain any
access-list 111 permit gre any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit tcp any any eq 1723
access-list 111 permit udp any any eq 1723
access-list 111 permit tcp host 1.1.1.1 host 2.2.2.2 eq 22
access-list 111 permit tcp host 1.1.1.1 host 2.2.2.2 eq telnet
access-list 111 permit udp host 1.1.1.1 host 2.2.2.2 eq tftp
access-list 111 permit udp any any eq tftp
access-list 111 permit udp any any eq non500-isakmp
access-list 111 deny   ip any any log


1.1.1.1 is the remote device and 2.2.2.2 is the dialer interface IP address. Please help, it's driving me nuts; to make matters worse, the telnet and ssh rules work!!

Thanks guys
Question by:webleyaxsor
Accepted Solution

by:
Don Johnston earned 250 total points
ID: 21845121
If you're backing up the IOS, then the router is communicating with the server. The responses will be coming FROM the TFTP server.

Change the line:
access-list 111 permit udp host 1.1.1.1 host 2.2.2.2 eq tftp

To read:
access-list 111 permit udp host 1.1.1.1 eq tftp host 2.2.2.2
0
 

Author Comment

by:webleyaxsor
ID: 21976269
thanks, worked a treat

Author Comment

by:webleyaxsor
ID: 21976296
thanks for your help