Solved

Firewall rule to allow access to new subnet

Posted on 2011-04-18
Last Modified: 2012-05-11
Hi,
Can someone please help me with this? I can’t seem to get my firewall rule to work.
We have an existing network 153.87.180.0 and I want to allow a new subnet 172.24.0.0 to access servers on this network. I have added this rule (using Cisco SDM)

permit source network 172.24.0.0 mask 0.0.255.255 protocol ip destination network 153.87.180.0 mask 0.0.0.255

But I still can’t ping a computer on the 172.24.0.0 network from the 153.87.180.0 network? What have I missed?
Question by:dee_nz
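
As an added example (not part of the original thread), this Python sketch matches the rule from the question the way a Cisco wildcard-mask ACL entry is evaluated, showing which source/destination pairs that single entry covers. The host addresses are constructed, and the model assumes the entry is considered alone, with no stateful inspection, NAT, or other ACL entries.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco-style wildcard match: bits set to 1 in the wildcard are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

# The rule from the question: (source, wildcard, destination, wildcard).
RULE = ("172.24.0.0", "0.0.255.255", "153.87.180.0", "0.0.0.255")

def rule_permits(src, dst, rule=RULE):
    """True if a packet src -> dst matches the permit entry."""
    s_base, s_wc, d_base, d_wc = rule
    return wildcard_match(src, s_base, s_wc) and wildcard_match(dst, d_base, d_wc)

def ping_legs(initiator, target, rule=RULE):
    """Which legs of a ping the single entry matches, taken in isolation."""
    return {
        "echo-request": rule_permits(initiator, target, rule),
        "echo-reply": rule_permits(target, initiator, rule),
    }

# Constructed sample hosts, one in each network named in the question.
HOST_153 = "153.87.180.10"
HOST_172 = "172.24.5.20"

if __name__ == "__main__":
    for a, b in [(HOST_172, HOST_153), (HOST_153, HOST_172)]:
        print(f"ping {a} -> {b}: {ping_legs(a, b)}")
```

The entry matches traffic sourced from 172.24.0.0/16 and destined to 153.87.180.0/24 only, so for a ping started from the 153.87.180.0 side it matches the reply leg but not the request leg.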
5 Comments
 
LVL 3

Expert Comment

by:fritz5150
ID: 35421036
You will also have to set up a NAT exempt statement to allow access.
 
LVL 10

Expert Comment

by:ujitnos
ID: 35421496
For the traffic traveling from public to private IP ranges (when you ping from the 153 range to the 172.24 range), you will have to do a NAT, and that too a static NAT. From a public network you cannot ping a private IP.
 
LVL 4

Author Comment

by:dee_nz
ID: 35429083
Hi, thanks for your comments.
Can you please give me an example of a nat exempt rule that would allow the 153.87.180.0 network access to the 172.24.0.0 network?
 
LVL 4

Accepted Solution

by:dee_nz
ID: 35517626
Turns out the firewall rules I created were correct but there was a problem with the router configuration at the other end.
 
LVL 4

Author Closing Comment

by:dee_nz
ID: 35714908
Found my own solution, thanks.