12-10-2022 01:59 AM
Hello! I have run into a problem with pings. I have 3 networks on 3 vlans: students, servers and admin.
Students network is 192.168.1.0, servers network is 192.168.2.0 and admin network is 192.168.3.0.
The following config is working as intended, except when I try to ping the student network from any of the other networks, which blocks the ICMP reply unless I add
permit icmp 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
or
permit icmp host 192.168.1.10 any
which defeats the purpose of denying pings from the student network.
Extended IP access list servers
10 permit tcp 192.168.1.0 0.0.0.255 host 192.168.2.12 eq smtp
20 permit tcp 192.168.1.0 0.0.0.255 host 192.168.2.12 eq pop3
30 permit tcp 192.168.1.0 0.0.0.255 host 192.168.2.10 eq www
40 permit tcp 192.168.3.0 0.0.0.255 host 192.168.2.10 eq www
50 permit tcp 192.168.3.0 0.0.0.255 host 192.168.2.12 eq pop3
60 permit tcp 192.168.3.0 0.0.0.255 host 192.168.2.12 eq smtp
70 permit icmp 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
80 permit tcp host 192.168.3.11 eq www any
90 deny ip any any
100 deny tcp any any
Extended IP access list admin
10 permit tcp 192.168.2.0 0.0.0.255 host 192.168.3.11 eq www
20 permit tcp host 192.168.2.10 eq www any
30 permit tcp host 192.168.2.12 eq smtp any
40 permit tcp host 192.168.2.12 eq pop3 any
50 permit icmp 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
60 deny ip any any
70 deny tcp any any
Thanks!
12-10-2022 02:04 AM
permit icmp 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255 echo-reply <<- you only need to add this to the end of your permit ACL line
12-10-2022 02:13 AM
Wow, thanks, now I feel pretty stupid!
12-10-2022 02:06 AM
@christoffer92 What interface(s) have you applied the ACL to, and in which direction? Provide the configuration.
You could just permit echo-reply instead of icmp.
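The difference between the broad ICMP permit and the echo-reply-only permit suggested in the replies, as an added example that is not part of the original thread. The student-side ACL is not shown in the thread, so the two lists below are constructed, and the evaluator is a simplified first-match model of extended ACL entries for ICMP, not IOS itself.

```python
import ipaddress

ICMP_TYPES = {"echo": 8, "echo-reply": 0}  # ICMP type numbers (RFC 792)

def _match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def _take_addr(tok):
    """Pop one address spec (any | host A | A WILDCARD) from the token list."""
    first = tok.pop(0)
    if first == "any":
        return ("0.0.0.0", "255.255.255.255")
    if first == "host":
        return (tok.pop(0), "0.0.0.0")
    return (first, tok.pop(0))

def parse_entry(line):
    """Parse 'permit|deny icmp|ip SRC DST [icmp-type]' into a tuple."""
    tok = line.split()
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = _take_addr(tok), _take_addr(tok)
    icmp_type = ICMP_TYPES[tok.pop(0)] if tok else None  # None = any ICMP type
    return action, proto, src, dst, icmp_type

def evaluate(acl, src, dst, icmp_type):
    """First-match verdict for one ICMP packet; implicit deny at the end."""
    for action, proto, s, d, t in map(parse_entry, acl):
        if proto not in ("icmp", "ip"):
            continue  # tcp/udp entries never match an ICMP packet
        if _match(src, *s) and _match(dst, *d) and t in (None, icmp_type):
            return action
    return "deny"

# Constructed student-side ACLs (assumption: applied to traffic leaving the student VLAN).
BROAD = ["permit icmp 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255", "deny ip any any"]
REPLY_ONLY = ["permit icmp 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255 echo-reply",
              "deny ip any any"]
STUDENT, ADMIN = "192.168.1.10", "192.168.3.11"  # host addresses taken from the thread

def student_traffic(acl):
    """Verdicts for (reply to an admin ping, ping started by a student)."""
    return (evaluate(acl, STUDENT, ADMIN, ICMP_TYPES["echo-reply"]),
            evaluate(acl, STUDENT, ADMIN, ICMP_TYPES["echo"]))
```

With `REPLY_ONLY`, replies to admin-initiated pings pass while student-initiated echo requests still hit the deny entry.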