ACL Trouble

Piers
Level 1

Hello there, please help me. I'm learning about ACL and using the standard in the trials that I do. I think it works, but it's different from what I expected: I want the server to ping the client but the client can't ping the server, and what I get is that the server and client won't ping each other. Can anyone tell me what's wrong? I'm very confused. This is the topology that I made, please check.

Accepted Solutions

Hello,

You could configure CBAC (Context Based Access Control) on R2. The config would look like below (important parts marked in bold). The revised .pkt file is attached.

Building configuration...

Current configuration : 827 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
ip cef
no ipv6 cef
!
ip inspect name ICMP icmp timeout 10
spanning-tree mode pvst
!
interface FastEthernet0/0
 ip address 192.168.2.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 12.12.12.2 255.255.255.252
 ip access-group BLOCK_ALL in
 ip inspect ICMP out
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
ip route 192.168.1.0 255.255.255.0 12.12.12.1
!
ip flow-export version 9
!
ip access-list extended BLOCK_ALL
 deny ip any any
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
end
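
Why the config above gives one-way ping, as an added example that is not part of the original post: a simplified Python model of R2's FastEthernet0/1, where outbound ICMP inspection records echo requests and the inbound BLOCK_ALL ACL drops everything except replies to a recorded session. The host addresses 192.168.2.10 (server) and 192.168.1.10 (client) are assumptions, and the session table is a simplification of what IOS does.

```python
# Added illustration: simplified model of R2 FastEthernet0/1 from the config above.
from dataclasses import dataclass, field

ECHO_REPLY, ECHO_REQUEST = 0, 8
INSPECT_TIMEOUT = 10  # seconds, from "ip inspect name ICMP icmp timeout 10"
SERVER, CLIENT = "192.168.2.10", "192.168.1.10"  # assumed host addresses

@dataclass(frozen=True)
class Icmp:
    src: str
    dst: str
    icmp_type: int
    ident: int  # ICMP echo identifier

@dataclass
class Fa01:
    inspect: bool = True  # is "ip inspect ICMP out" applied?
    sessions: dict = field(default_factory=dict)  # expected reply -> expiry

    def egress(self, pkt, now):
        """Packet leaving R2 through Fa0/1 (no outbound ACL in the config)."""
        if self.inspect and pkt.icmp_type == ECHO_REQUEST:
            # Record the flow so the matching reply is let back in.
            self.sessions[(pkt.dst, pkt.src, pkt.ident)] = now + INSPECT_TIMEOUT
        return "forward"

    def ingress(self, pkt, now):
        """Packet arriving on Fa0/1, where BLOCK_ALL is 'deny ip any any'."""
        key = (pkt.src, pkt.dst, pkt.ident)
        expiry = self.sessions.get(key)
        if pkt.icmp_type == ECHO_REPLY and expiry is not None:
            if now <= expiry:
                return "forward"  # return traffic of an inspected session
            del self.sessions[key]  # session timed out
        return "drop"  # everything else is denied by BLOCK_ALL

def server_pings_client(iface, ident=1, sent=0.0, delay=0.05):
    iface.egress(Icmp(SERVER, CLIENT, ECHO_REQUEST, ident), sent)
    return iface.ingress(Icmp(CLIENT, SERVER, ECHO_REPLY, ident), sent + delay)

def client_pings_server(iface, ident=2, sent=0.0):
    return iface.ingress(Icmp(CLIENT, SERVER, ECHO_REQUEST, ident), sent)

if __name__ == "__main__":
    print("server -> client:", server_pings_client(Fa01()))
    print("client -> server:", client_pings_server(Fa01()))
    print("ACL only, no inspect:", server_pings_client(Fa01(inspect=False)))
```

With `inspect=False` the model keeps only the deny-all ACL, and the server's own echo replies are dropped on the way back, so ping fails in both directions.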


4 Replies

balaji.bandi
Hall of Fame

I do not have Packet Tracer to test your zip file.

You can use the established syntax for who initiates the connection.

Look at the example:

Example: Allowing SMTP E-mail and Established TCP Connections

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_acl/configuration/xe-3s/sec-data-acl-xe-3s-book/sec-create-ip-apply.html

BB



Can you give me screenshots, sir?

Thank you, sir, for your help
