routing issue

Posted on 2011-10-26
Last Modified: 2012-08-13
My workstation is connected to the switch and i have a router connected to the switch. The default route from router points to
the fa0/1 of the router is
from router i can ping .21
from my workstation i can ping the .20 interface of the router but i cannot ping the "other" side .128.21

when i do tracert from the workstation , icmp makes it to the router but it dies there.....

i was told that in order to hit .21 network i have to create access list so to connect to the following ports.

UDP destination ports 48129-48137
and TCP destination ports


any ideas  on how to create these access lists??
Question by:c_hockland
    LVL 17

    Expert Comment

    What router are you using?

    Author Comment

    cisco 2600
    and doesnt take the distribution-list comand...
    LVL 18

    Accepted Solution

    The first question, before you even think about ACLs, is does the destination router know where to send return traffic?  If you're not advertising a route for the subnet that the host is sitting on from .20 to the .21 router, then .21 may not know where to find that host's subnet, and it may be just dropping the traffic because it doesn't have a route.  The fact that you can ping from the .20 router is because the traffic is originating on the directly connected subnet, so .21 knows where that is.

    Start there and then we'll look at whether adjustments to ACLs are needed.  There is no "distribution-list" command.  What you're thinking of is a distribute-list, which is used to filter what routes are sent or received by a routing protocol.

    Author Comment

    u r right . My router .20 doesnt advertise any network outside. So .21 doesnt know how to return.
    Do i need to NAT my IP's or how else can i advertise ? Using eigrp maybe ?
    LVL 17

    Assisted Solution

    I would agree with jmeggers that routes would need to be added to the .21 router. That can be done using a routing protocol or adding static routes to the .21 router.

    Author Comment

    They folks at .21 netwok asked me to add these on my router ( based on Ports traffic)
    but i cannot use the distribute-list on my router

    ip prefix-list ABC seq 5 permit le 32
    ip prefix-list ABC seq 10 permit le 32
    ip prefix-list ABC seq 15 permit le 32
    ip prefix-list ABC seq 20 permit le 32
    ip prefix-list ABC seq 25 permit le 32

    distribute-list prefix ABC out int fa0/1
    LVL 18

    Expert Comment

    A prefix-list is usually configured in the routing protocol itself, not in the general configuration.  As in:

    ip prefix-list  ABC  seq 5 permit

    router bgp 300
     neighbor remote-as 100
     neighbor  prefix-list  ABC in

    What routing protocol are you running?

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
    Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now