Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 349
  • Last Modified:

Access List

I created a Access-list called blockserver,

extended ip access list blockserver
permit ip host 190.150.142.70 host 192.168.62.27
deny ip host 192.168.62.27 host 190.150.142.70
permit ip any any

Also the cisco has two gateways 190.150.142.99 and 192.168.62.1

When I ping from computer (192.168.62.27) to computer (190.150.142.70), the cisco blocks.  Which I want. The deny statement matches 4 times.

However, when I ping from computer(190.150.142.70) to computer (192.168.62.27), the cisco also blocks.  Which I do not want.  The permit statement matches 4 times and the deny matches 4 times.

I want to be able to let computer (190.150.142.70) ping computer (192.168.62.27) and stop computer (192.168.62.27)  from pinging computer (190.150.142.70).
0
kevingattis
Asked:
kevingattis
1 Solution
 
MikeKaneCommented:
You would need to allow icmp echo-reply back through.   The DENY is catching the echo and blocking it.

try this instead:
permit ip host 190.150.142.70 host 192.168.62.27
permit icmp host 192.168.62.27 host 190.150.142.70 echo-reply
deny ip host 192.168.62.27 host 190.150.142.70
permit ip any any
0
 
PugglewuggleCommented:
That is right. You need an ACE allowing pings to get through. echo-reply should work but if it doesn't just add another rule that uses echo and that should do it.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now