Pb access-list Catalyst 4507r

hassanimagid · ‎09-16-2006

Hi

I have 2 vlan : 192.168.38.0 and 192.168.31.0.

In the 38.0 network, I have an exchange server.

And in the 31.0 network, I have a clients(microsoft outlook).

The pb is when i configure the access-list, the client start a 135 port communication but it don't have an answer.

But if i open the all port, it's Ok.

Here, my access-list.

Could you confirm if it's ok

in advance, Thank you

///////

access-list 131 remark sur interface vlan 31 Client NB

access-list 131 permit ip any 192.168.31.0 0.0.0.255

access-list 131 permit tcp any host 192.168.38.203 eq 135

access-list 131 permit icmp any 192.168.38.0 0.0.0.255

access-list 131 deny ip any any

access-list 138 remark sur interface vlan 38 Bureautique

access-list 138 permit ip any 192.168.38.0 0.0.0.255

access-list 138 permit icmp any 192.168.31.0 0.0.0.255

access-list 138 deny ip any any

///

amit-singh · ‎09-16-2006

Hi,

Try adding the following ACE in the access-list 138

access-list 131 permit ip host 192.168.38.203 192.168.31.0 0.0.0.255

HTH,

-amit singh

hassanimagid · ‎09-16-2006

Hi,

Thank you very much.

When i see with the ethereal soft, the client need to open a range port(>1024).

Please give me the access-list

In advance thanks!!