ACL to allow ICMP and SNMP to a particular host

saimbt
Level 1

Hi,

We have an internet router with the IP address 210.x.x.x and an HP OpenView box with the IP address 10.x.x.x. Given below is the ACL on the router:

access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 224.0.0.0 0.0.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny icmp any any echo
access-list 101 deny icmp any any echo-reply
access-list 101 deny icmp any any timestamp-request
access-list 101 deny icmp any any traceroute
access-list 101 deny 53 any any
access-list 101 deny 55 any any
access-list 101 deny 77 any any
access-list 101 deny 103 any any
access-list 101 deny tcp any any eq 707
access-list 101 deny tcp any any eq chargen
access-list 101 deny udp any any eq 19
access-list 101 deny tcp any any eq echo
access-list 101 deny udp any any eq echo
access-list 101 deny tcp any any eq 135
access-list 101 deny udp any any eq 135
access-list 101 deny udp any any eq tftp
access-list 101 deny udp any any eq netbios-ns
access-list 101 deny udp any any eq netbios-dgm
access-list 101 deny tcp any any eq 139
access-list 101 deny udp any any eq 139
access-list 101 deny tcp any any eq 445
access-list 101 deny tcp any any eq 593
access-list 101 deny tcp any any eq 4444
access-list 101 permit ip any any

We want to allow ICMP and SNMP access to the 10.x.x.x box.

I tried adding the ACLs:

access-list 101 permit icmp host 210.x.x.x host 10.x.x.x echo
access-list 101 permit icmp host 210.x.x.x host 10.x.x.x echo-reply
access-list 101 permit udp host 210.x.x.x host 10.x.x.x eq snmp

Once I apply the ACLs I am unable to ping from the 10.x.x.x box to the 210.x.x.x router; without the ACLs I can.

Please help

Sai.

4 Replies

olorunloba
Level 5

The second line of your access list denies all traffic from the 10.0.0.0/8 network. Your permit statement should come before this line, as access lists are processed in order.

Thinking about it again, I think we should understand the way your interfaces are, i.e. local interface, outside interface, and whether the access lists are configured for either inbound or outbound traffic.

Hi,

I had allowed IP access only for the 10.x.x.x host, but even that failed. Moreover, the ACL has been applied as "in" and "out" on the ETH and the SERIAL interfaces; I had put the allow statements as the first 4 statements, followed by the deny statements.

Sai.

spremkumar
Level 9

Hi Sai,

In the ACL you are blocking the 10.0.0.0/8 network on the second line itself. Where are you trying to apply this ACL, on the FastEthernet or the Serial interface?

Is that public IP assigned to the WAN or the LAN interface?

Regards,

Prem
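As an added illustration (not code from the thread or from Cisco), the following Python evaluator applies a numbered extended ACL the way the replies describe: top to bottom, first match wins, implicit deny at the end. It runs three constructed packets through a subset of the posted entries in two orders, the permits appended just above `permit ip any any` as the poster did, and the permits moved to the top as olorunloba suggests. The addresses 203.0.113.1 and 10.0.0.5 are constructed stand-ins for the 210.x.x.x router and the 10.x.x.x box; the packet definitions and the `evaluate`/`demo` helpers are this example's own.

```python
"""Added example (not from the thread): first-match evaluation of a Cisco-style
numbered extended ACL.  203.0.113.1 and 10.0.0.5 are constructed stand-ins for
the poster's 210.x.x.x router and 10.x.x.x management host."""
import ipaddress

ICMP_TYPES = {"echo": 8, "echo-reply": 0, "timestamp-request": 13, "traceroute": 30}
PROTO_NUMBERS = {"icmp": 1, "tcp": 6, "udp": 17}
PORT_NAMES = {"snmp": 161, "echo": 7, "chargen": 19, "tftp": 69,
              "netbios-ns": 137, "netbios-dgm": 138}

def _parse_addr(tokens):
    """Consume 'any', 'host A' or 'A wildcard' from tokens; return (net, mask)."""
    tok = tokens.pop(0)
    if tok == "any":
        return 0, 0
    if tok == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0xFFFFFFFF
    wildcard = int(ipaddress.IPv4Address(tokens.pop(0)))
    # A Cisco wildcard marks the bits that are ignored; invert it to get a mask.
    return int(ipaddress.IPv4Address(tok)), 0xFFFFFFFF ^ wildcard

def parse_ace(line):
    """Parse 'access-list N permit|deny proto src dst [eq port | icmp-type]'."""
    tokens = line.split()
    if tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        raise ValueError("not an extended ACL entry: " + line)
    proto = tokens[3]
    if proto == "ip":
        proto_num = None                                   # 'ip' matches every protocol
    else:
        proto_num = PROTO_NUMBERS.get(proto) or int(proto)  # names, or raw numbers like 53
    rest = tokens[4:]
    src = _parse_addr(rest)
    dst = _parse_addr(rest)
    qualifier = None
    if rest and rest[0] == "eq":
        qualifier = ("port", PORT_NAMES.get(rest[1]) or int(rest[1]))
    elif rest:
        qualifier = ("icmp", ICMP_TYPES[rest[0]])
    return {"permit": tokens[2] == "permit", "proto": proto_num,
            "src": src, "dst": dst, "qual": qualifier}

def load_acl(text):
    """Entries in configured order, each kept with its original text for reporting."""
    return [(ln.strip(), parse_ace(ln)) for ln in text.splitlines() if ln.strip()]

def _addr_match(addr, spec):
    net, mask = spec
    return (int(ipaddress.IPv4Address(addr)) & mask) == (net & mask)

def ace_matches(ace, pkt):
    if ace["proto"] is not None and ace["proto"] != pkt["proto"]:
        return False
    if not (_addr_match(pkt["src"], ace["src"]) and _addr_match(pkt["dst"], ace["dst"])):
        return False
    if ace["qual"] is None:
        return True
    kind, value = ace["qual"]
    return pkt.get("icmp_type" if kind == "icmp" else "dport") == value

def evaluate(acl, pkt):
    """(verdict, entry) for the first matching entry; implicit deny if none matches."""
    for text, ace in acl:
        if ace_matches(ace, pkt):
            return ("permit" if ace["permit"] else "deny"), text
    return "deny", "implicit deny"

# Subset of the posted ACL; the three permits use the constructed stand-in addresses.
DENIES = """
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny icmp any any echo
access-list 101 deny icmp any any echo-reply
access-list 101 deny udp any any eq tftp
"""
PERMITS = """
access-list 101 permit icmp host 203.0.113.1 host 10.0.0.5 echo
access-list 101 permit icmp host 203.0.113.1 host 10.0.0.5 echo-reply
access-list 101 permit udp host 203.0.113.1 host 10.0.0.5 eq snmp
"""
CATCH_ALL = "access-list 101 permit ip any any\n"
APPENDED = load_acl(DENIES + PERMITS + CATCH_ALL)   # as posted: permits just above the catch-all
REORDERED = load_acl(PERMITS + DENIES + CATCH_ALL)  # permits moved to the top

PACKETS = {  # constructed test packets
    "ping_from_router": {"proto": 1, "src": "203.0.113.1", "dst": "10.0.0.5", "icmp_type": 8},
    "ping_from_host": {"proto": 1, "src": "10.0.0.5", "dst": "203.0.113.1", "icmp_type": 8},
    "snmp_from_router": {"proto": 17, "src": "203.0.113.1", "dst": "10.0.0.5", "dport": 161},
}

def demo():
    """Verdict per packet under both orderings, e.g. demo()['appended']['ping_from_router']."""
    return {name: {p: evaluate(acl, PACKETS[p])[0] for p in PACKETS}
            for name, acl in (("appended", APPENDED), ("reordered", REORDERED))}
```

Calling `demo()` shows two things. With the permits appended, `deny icmp any any echo` and `deny ip 10.0.0.0 0.255.255.255 any` match first, so the permit entries are never reached and SNMP only passes because nothing above it ever blocked UDP 161. After reordering, the router's ping is permitted, but the permits only describe packets sourced from the router address, so a ping leaving the 10.x.x.x box still hits the 10.0.0.0/8 deny; whether that entry should see internally sourced traffic at all depends on the interface and direction the ACL is applied in, which is the question both replies raise.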