standard acl problem both pc not ping

francota · ‎01-21-2019

Hello

I am having a problem with acl

I attach a screenshot of the scenario that I am testing in Packet tracer

I want that the computer 192.168.1.10 is not able to ping the pc with ip 172.16.0.1.

Using this acl on g0/1 out:

Standard IP access list 1

10 deny host 192.168.1.10 (16 match(es))

20 permit any

the 192.168.1.10 pc is not able to ping but also the other pc is not able any more.

Why?? what is the problem

Thanks for helping

Georg Pauwen · ‎01-21-2019

Hello,

post your Packet Tracer project file (ZIP it first otherwise you cannot upload)...

francota · ‎01-21-2019

I attach the file as you asked..thanks

Jon Marshall · ‎01-21-2019

Do you mean 172.16.0.1 cannot ping 192.168.1.10 ?

If so that is because when you ping from 172.16.0.1 the response from 192.168.1.10 is blocked by your acl.

access-list 101 permit icmp host 192.168.1.10 host 172.16.0.1 echo-reply
access-list 101 deny ip host 192.168.1.10 any
access-list 101 permit ip any any

note though the last line does nothing in your setup so if you are trying to block only ping from 192.168.1.10 -

access-list 101 permit icmp host 192.168.1.10 host 172.16.0.1 echo-reply
access-list 101 deny icmp host 192.168.1.10 host 172.16.0.1 echo
access-list 101 permit ip any any

Jon

francota · ‎01-21-2019

I want to use the standard acl

it is possible?? isnt it??

thanks

Jon Marshall · ‎01-21-2019

If you want to ping one way but not the other no it isn’t.

Jon

francota · ‎01-24-2019

Ok I got it

Thank you for helping

k.alexey3601 · ‎01-24-2019

Hello.

You can also use "Simulation" in PT to see what happened with your traffic. Where it's blocked, how to packets routed and etc.

BR