Solved

Access List

Posted on 2008-09-30
2
340 Views
Last Modified: 2012-05-05
I created a Access-list called blockserver,

extended ip access list blockserver
permit ip host 190.150.142.70 host 192.168.62.27
deny ip host 192.168.62.27 host 190.150.142.70
permit ip any any

Also the cisco has two gateways 190.150.142.99 and 192.168.62.1

When I ping from computer (192.168.62.27) to computer (190.150.142.70), the cisco blocks.  Which I want. The deny statement matches 4 times.

However, when I ping from computer(190.150.142.70) to computer (192.168.62.27), the cisco also blocks.  Which I do not want.  The permit statement matches 4 times and the deny matches 4 times.

I want to be able to let computer (190.150.142.70) ping computer (192.168.62.27) and stop computer (192.168.62.27)  from pinging computer (190.150.142.70).
0
Comment
Question by:kevingattis
2 Comments
 
LVL 33

Accepted Solution

by:
MikeKane earned 125 total points
ID: 22608378
You would need to allow icmp echo-reply back through.   The DENY is catching the echo and blocking it.

try this instead:
permit ip host 190.150.142.70 host 192.168.62.27
permit icmp host 192.168.62.27 host 190.150.142.70 echo-reply
deny ip host 192.168.62.27 host 190.150.142.70
permit ip any any
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22608448
That is right. You need an ACE allowing pings to get through. echo-reply should work but if it doesn't just add another rule that uses echo and that should do it.
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco Supervisor upgrade to 2T 3 65
inserting an ACL line Cisco IOS XR Software, Version 5.3.3 2 38
eigrp routing loop 5 38
Cisco ASA 3 25
From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now