Beginner

ACL Trouble

image.png

Hello there, please help me. I'm learning about ACL and using the standard in the trials that I do. I think it works, but it's different from what I expected: I want the server to ping the client but the client can't ping the server, and what I get is that the server and client won't ping each other. Can anyone tell me what's wrong? I'm very confused. This is the topology that I made, please check.

Accepted Solutions
VIP Mentor

Re: ACL Trouble

Hello,

 

You could configure CBAC (Context-Based Access Control) on R2. The config would look like below (important parts marked in bold). The revised .pkt file is attached.

 

Building configuration...

Current configuration : 827 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
ip cef
no ipv6 cef
!
ip inspect name ICMP icmp timeout 10
spanning-tree mode pvst
!
interface FastEthernet0/0
 ip address 192.168.2.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 12.12.12.2 255.255.255.252
 ip access-group BLOCK_ALL in
 ip inspect ICMP out
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
ip route 192.168.1.0 255.255.255.0 12.12.12.1
!
ip flow-export version 9
!
ip access-list extended BLOCK_ALL
 deny ip any any
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
end
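
Added example, not part of the original thread or the attached .pkt file: a simplified Python model of FastEthernet0/1 in the configuration above, showing why a deny-all inbound ACL alone stops pings in both directions (the echo reply is dropped too) and how ICMP inspection outbound opens a return path only for pings started from the 192.168.2.0/24 side. The host addresses, the `Fa01` class and the `ping` helper are constructed for illustration, and only echo and echo-reply are modelled.

```python
from dataclasses import dataclass

ECHO, ECHO_REPLY = 8, 0      # ICMP type numbers
INSPECT_TIMEOUT = 10         # seconds, from "ip inspect name ICMP icmp timeout 10"

@dataclass(frozen=True)
class Icmp:
    src: str
    dst: str
    icmp_type: int
    ident: int               # ICMP identifier that ties a reply to its request

class Fa01:
    """Simplified model of R2 FastEthernet0/1: BLOCK_ALL in, optional inspection out."""

    def __init__(self, inspect_icmp):
        self.inspect_icmp = inspect_icmp
        self.sessions = {}   # (inside host, outside host, ident) -> expiry time

    def outbound(self, pkt, now):
        # No outbound ACL on this interface, so the packet always leaves.
        # With inspection on, an echo request also opens a temporary return path.
        if self.inspect_icmp and pkt.icmp_type == ECHO:
            self.sessions[(pkt.src, pkt.dst, pkt.ident)] = now + INSPECT_TIMEOUT
        return True

    def inbound(self, pkt, now):
        # An echo reply that matches a live inspected session is let through.
        if pkt.icmp_type == ECHO_REPLY:
            expiry = self.sessions.get((pkt.dst, pkt.src, pkt.ident))
            if expiry is not None and now <= expiry:
                return True
        return False         # everything else hits "deny ip any any"

def ping(iface, src, dst, from_inside, reply_delay=0.1):
    """True only if the echo request and its reply both cross the interface."""
    request, reply = Icmp(src, dst, ECHO, 1), Icmp(dst, src, ECHO_REPLY, 1)
    if from_inside:
        return iface.outbound(request, 0.0) and iface.inbound(reply, reply_delay)
    return iface.inbound(request, 0.0) and iface.outbound(reply, reply_delay)

INSIDE, OUTSIDE = "192.168.2.10", "192.168.1.10"   # constructed host addresses

if __name__ == "__main__":
    for inspect in (False, True):
        print("inspection", inspect,
              "| inside->outside:", ping(Fa01(inspect), INSIDE, OUTSIDE, True),
              "| outside->inside:", ping(Fa01(inspect), OUTSIDE, INSIDE, False))
```
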

VIP Mentor

Re: ACL Trouble

I do not have Packet Tracer to test your zip file.

You can use the established syntax for whoever initiates the connection.

Look at the example:

Example: Allowing SMTP E-mail and Established TCP Connections

 

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_acl/configuration/xe-3s/sec-data-acl-xe-3s-book/sec-create-ip-apply.html

BB
Beginner

Re: ACL Trouble

Can you give me screenshots, sir?

Beginner

Re: ACL Trouble

Thank you, sir, for your help