Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1140
Views
0
Helpful
6
Replies

Problem ACL "Request Timeout"

samuelm
Level 1
Level 1

‎04-12-2024 01:42 AM

I'm experiencing 'request timeout' when trying to ping external destinations from my network. The issue occurs when ACLs are enabled on my router. It's perplexing as to why this happens. Any suggestions or insights on resolving this issue would be greatly appreciated.

Here my network (its for school) : 

samuelm_0-1712910341052.png

So basicly i've been asked to denies tcp connection from outside but allow from inside (sorry for english i'm French) 
R_Int config : 

samuelm_1-1712911057310.png

samuelm_2-1712911073322.png

FAI config : 

samuelm_3-1712911116144.png

 

Thanks in advance. 

 

 

Labels:
0 Helpful
6 Replies 6

samuelm
Level 1
Level 1

‎04-12-2024 01:54 AM

I have tried other ACL conf for access-list 102 like : 
access-list 102 permit tcp any 201.49.10.0 0.0.0.255 established

access-list 102 deny tcp any any

or :

access-list 102 permit tcp any 192.168.0.0 0.0.0.255 established

access-list 102 deny tcp any any

And as always when the acl is not here i can access my server web but when i put the acl i have "request timeout" 

0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame

‎04-12-2024 07:10 AM

Ping doesn't use TCP, so you're probably (I haven't really analyzed what you're doing) are effectively blocking it. Also don't forget an ACL ends with an implied deny all 

0 Helpful

Georg Pauwen
VIP
VIP

‎04-14-2024 05:53 AM

Bonjour,

pouvez-vous publier votre fichier compressé de projet Packet Tracer (.pkt) ?

0 Helpful

samuelm
Level 1
Level 1
In response to Georg Pauwen

‎04-14-2024 01:26 PM

Bonsoir,
Oui le voici, pour plus de précisions en gros ce que je dois faire c'est faire une ACL qui empêche mon réseau interne (a droite) de recevoir des packets tcp. Le réseau interne peut quand même envoyer des packets tcp vers internet. Bonne soirée

PPE_4_NAT.zip
0 Helpful

Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to samuelm

‎04-14-2024 02:35 PM

I'm now confused.  Understand you only want to allow TCP outbound, but your OP notes issue with pings.  So, only TCP outbound allowed, and if so, what's the issues with pings?  (Again, if you ping inside to outside, ping is not TCP.)

0 Helpful

samuelm
Level 1
Level 1
In response to Joseph W. Doherty

‎04-15-2024 09:50 AM

Hello, ty it was a misanderstanding from me basically i was thinking ping is include in tcp so i made so changes :
access-list 102 permit tcp any 192.168.0.0 0.0.0.255 established
access-list 102 deny tcp any any
access-list 102 permit ip any any 

and now it ping well so my problem right now is : 
i cant connect to my Web server (S-Web) with my internal network (192.168.0.0) 

Here the updated packet tracer : 

PPE 4 NAT.zip
0 Helpful
Customers Also Viewed These Support Documents
Top