10-10-2007 04:18 AM - edited 03-11-2019 04:23 AM
Actualy i can ping from inside to outside with ip 192.168.101.11, but can't ping from ip 192.168.101.123.I have also post the running config.Plz reply back asap.
thanks
10-11-2007 05:42 AM
This is because you have an Access-list set INBOUND on your inside interface and you do not have a permit statement to allow traffic to the address (192.168.101.123). You need to add the IP address or an Object group that it is listed in to the "inside_access_in" access-list.
Example
access-list inside_access_in extended permit ip object-group MailDNS object-group xxxxx
access-list inside_access_in extended permit ip host 192.168.101.123 object-group xxxxx
access-list inside_access_in extended permit ip object-group MailDNS1 ip host xxxxx
You will need to do this because the way your access-list reads you will block all IP traffic that is not implicitly allowed BEFORE you allow ICMP from any to any. So you will need to allow IP traffic from that address first or you will need to change the position of your two lines....
access-list inside_access_in extended deny ip any any
access-list inside_access_in extended permit icmp any any
to be....
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended deny ip any any
10-15-2007 03:25 AM
After modification (according to u), it is not working means still ip x.x.x.123 is not working, but other ip is working fine.Plz relpy asap.
10-15-2007 04:43 AM
Did you add it to the object group and put the object group in your INBOUND IN access list? Or did you just add an entry for it alone?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: