acl's

josephhancock
Level 1

Just recently took over like 7 Cisco routers, 2 VoIP systems and 12 switches in our network.

I have my CCNA, but I am confused. To my knowledge ACLs have to be assigned to something, and a recent problem (doing backups from a remote location across a tunnel is bringing up a message saying communications lost. I have done this with a ping going across the tunnel to the server that I am backing up, and according to the ping my tunnel is still up, so I thought maybe an ACL is blocking it. When I run backup, at about 2 min and 30 sec it is stopping, but it has not sent one byte.) So I look at the ACLs on the remote router and none are assigned anywhere. Is this some sort of CCNP configuration going on? To my knowledge all ACLs have to be assigned to an interface for in/out traffic.

Here are the ACLs:

Extended IP access list 101
    10 permit tcp host 10.3.250.2 any eq ftp
    20 permit tcp host 10.3.250.2 any eq ftp-data
    30 permit tcp any eq ftp host 10.3.250.2
    40 permit tcp any eq ftp-data host 10.3.250.2
Extended IP access list 102
    10 permit ip 10.3.10.0 0.0.0.255 any
Extended IP access list 111
    10 permit ip 10.0.0.0 0.0.0.255 any
    20 deny ip any any
Extended IP access list 130
    10 deny ip 10.3.10.0 0.0.0.255 10.2.0.0 0.0.255.255 (484 matches)
    20 permit ip 10.3.10.0 0.0.0.255 any (1792934 matches)
Extended IP access list 140
    10 permit gre host 63.104.242.2 host 209.194.196.130 (5460262 matches)
Extended IP access list 141
    10 permit ip 10.3.10.0 0.0.0.255 10.2.0.0 0.0.255.255
    20 deny ip any any

But like I said, they are not assigned to any interface. Can anyone explain why these are not assigned to anything?

If they are doing something, should I make or add on to an ACL allowing traffic to and from the server IP that I want to back up?

Thanks in advance from the rookie of the year.

1 Reply

gpulos
Level 8

Correct, an ACL must be assigned to an interface for an interface to use it to filter traffic.

As to answering "why these ACLs are not assigned...", I don't think we can tell you why your hardware is not configured a certain way.

Looking at your posted output of ACLs, it is clear that 10 & 20 are in use on at least one interface.

It will be helpful if you can paste your router configuration minus sensitive data, if you can.

You may very well need an ACL to allow access to back up the server. We cannot tell from this point; we need configuration info as well as a 'show ip route' output for starters. This will allow us to create an ACL to fit your topology.
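A check along the lines of what gpulos asks for, added here as an example and not part of the thread: it pulls the "(N matches)" counters out of "show ip access-lists" output and cross-references each ACL against the places an IOS running-config can consume one (ip access-group, crypto map "match address", NAT "source list", route-map "match ip address"), so an ACL that is busy but not on any interface gets explained rather than left a mystery. The ACL listing is abridged from the post; the CONFIG excerpt is hypothetical and not the poster's router.

```python
import re
# Constructed inputs: abridged listing from the post plus a hypothetical config excerpt.
SHOW_ACL = """\
Extended IP access list 102
    10 permit ip 10.3.10.0 0.0.0.255 any
Extended IP access list 130
    10 deny ip 10.3.10.0 0.0.0.255 10.2.0.0 0.0.255.255 (484 matches)
    20 permit ip 10.3.10.0 0.0.0.255 any (1792934 matches)
Extended IP access list 140
    10 permit gre host 63.104.242.2 host 209.194.196.130 (5460262 matches)
Extended IP access list 141
    10 permit ip 10.3.10.0 0.0.0.255 10.2.0.0 0.0.255.255
    20 deny ip any any
"""
CONFIG = """\
crypto map TUNNEL 10 ipsec-isakmp
 match address 140
ip nat inside source list 130 interface Serial0/0 overload
route-map PBR permit 10
 match ip address 141
"""
HEADER = re.compile(r"access list (\S+)$")
COUNTER = re.compile(r"\((\d+) matches\)")
# Common ways an IOS config consumes an ACL, with or without 'ip access-group'.
REFS = [re.compile(p) for p in (r"ip access-group (\S+)", r"match address (\S+)",
        r"ip nat inside source list (\S+)", r"match ip address (\S+)")]

def acl_hits(show_output):
    """Map each ACL to the sum of its '(N matches)' counters (0 if none)."""
    hits, acl = {}, None
    for line in show_output.splitlines():
        if (m := HEADER.search(line)):
            acl = m.group(1); hits.setdefault(acl, 0)
        elif acl and (m := COUNTER.search(line)):
            hits[acl] += int(m.group(1))
    return hits
def acl_refs(config):
    """Map each ACL to the config lines that reference it."""
    refs = {}
    for line in config.splitlines():
        for m in (p.search(line) for p in REFS):
            if m: refs.setdefault(m.group(1), []).append(line.strip())
    return refs
def audit(show_output, config):
    """Per ACL: (hits, referencing config lines, verdict)."""
    hits, refs = acl_hits(show_output), acl_refs(config)
    def verdict(n, r):
        if r: return "in use via " + "; ".join(r)
        return "hits but no reference: check config" if n else "unreferenced and idle"
    return {a: (n, refs.get(a, []), verdict(n, refs.get(a, []))) for a, n in hits.items()}
```

Run audit(SHOW_ACL, CONFIG) against your own "show ip access-lists" and "show running-config" text; an ACL reported as "hits but no reference" means the reference is in a feature the REFS list does not cover yet.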