cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
918
Views
5
Helpful
4
Replies

ACL Trouble

Piers
Level 1
Level 1

image.png

Hello there please help me, I'm learning about ACL and using the standard in the trials that I do. I think it works but it's different from what I expected, I want the server to ping the client but the client can't ping the server and what I get is that the server and client won't ping each other. Anyone can tell me what's wrong, I'm very confused. This is the topology that I made, please check.

1 Accepted Solution

Accepted Solutions

Hello,

 

you could configure CBAC (Context Based Access Control) on R2. The config would look like below (important parts marked in bold). The revised .pkt file is attached.

 

Building configuration...

Current configuration : 827 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
ip cef
no ipv6 cef
!
ip inspect name ICMP icmp timeout 10
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.2.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 12.12.12.2 255.255.255.252
ip access-group BLOCK_ALL in
ip inspect ICMP out
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip classless
ip route 192.168.1.0 255.255.255.0 12.12.12.1
!
ip flow-export version 9
!
ip access-list extended BLOCK_ALL
deny ip any any
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end

View solution in original post

4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

i do not have packet tracer to test your Zip file.

 

you can use established syntax for who intiate the connection

 

Look at the example : 

Example: Allowing SMTP E-mail and Established TCP Connections

 

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_acl/configuration/xe-3s/sec-data-acl-xe-3s-book/sec-create-ip-apply.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hello,

 

you could configure CBAC (Context Based Access Control) on R2. The config would look like below (important parts marked in bold). The revised .pkt file is attached.

 

Building configuration...

Current configuration : 827 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
ip cef
no ipv6 cef
!
ip inspect name ICMP icmp timeout 10
spanning-tree mode pvst
!
interface FastEthernet0/0
ip address 192.168.2.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 12.12.12.2 255.255.255.252
ip access-group BLOCK_ALL in
ip inspect ICMP out
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip classless
ip route 192.168.1.0 255.255.255.0 12.12.12.1
!
ip flow-export version 9
!
ip access-list extended BLOCK_ALL
deny ip any any
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end

Cam you give me ScreenShots Sir?

Thank you, sir, for your help

Review Cisco Networking for a $25 gift card