cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
539
Views
0
Helpful
7
Replies
Beginner

access control list problem

Hello, I am trying to deifne an access control list to permit traffic from all internal (172,16.0.0/16) addressess, and deny all other traffic.

I have created the following:

access-list 1 permit 172.16.0.0 0.0.255.255

access-list 1 deny any

and applied it to the outgoing interface of the router:

interface FastEthernet0/0

ip address 10.0.0.1 255.0.0.0

ip access-group 1 out

ip nat outside

duplex auto

speed auto

However traffic from the networks: 172.16.4.0, 172.16.3.252, 172.16.255.252 and 172.16.255.248 cannot pass.

Have I done something incorrect here ?

Thanks for any help.

3 ACCEPTED SOLUTIONS

Accepted Solutions
Highlighted
Beginner

access control list problem

hi philip:   

     traffic from the networks: 172.16.4.0, 172.16.3.252, 172.16.255.252 and 172.16.255.248 is be nat ip 192.168.1.6

    192.168.1.6 can not pass the

    access-list 1 permit 172.16.0.0 0.0.255.255

    access-list 1 deny any

View solution in original post

Highlighted
Advisor

access control list problem

Hi,

Why are you doing this NAT overload on Belfast ?

Just  do no ip nat outside on Belfast f0/0 so there ain't no more NAT and it will work.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

View solution in original post

Highlighted
Engager

Re: access control list problem

Hi Alain,

Thanks for lending a hand on OP's issue!

Philip,

Could you try what Alain suggested and let us know how it goes?

Sent from Cisco Technical Support iPhone App

View solution in original post

7 REPLIES 7
Highlighted
Engager

access control list problem

hi philip,

could you post the device's show run and a network diagram? are you running this on PT?

Highlighted
Beginner

Re: access control list problem

thank you for your help.

I have attached the packet tracer file. It should be easy to see what I am doing wrong for someone more proficient than me

The two passwords are:'cisco' and 'class'.

The router with the access control list is "Belfast".

Regards

Highlighted
Engager

Re: access control list problem

hi philip,

sorry i don't have PT installed on my PC right now. could you copy and pase the config here?

Highlighted
Beginner

Re: access control list problem

yes, I have done that in the previous message.

Thank you kindly.

Highlighted
Advisor

access control list problem

Hi,

Why are you doing this NAT overload on Belfast ?

Just  do no ip nat outside on Belfast f0/0 so there ain't no more NAT and it will work.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

View solution in original post

Highlighted
Engager

Re: access control list problem

Hi Alain,

Thanks for lending a hand on OP's issue!

Philip,

Could you try what Alain suggested and let us know how it goes?

Sent from Cisco Technical Support iPhone App

View solution in original post

Highlighted
Beginner

access control list problem

hi philip:   

     traffic from the networks: 172.16.4.0, 172.16.3.252, 172.16.255.252 and 172.16.255.248 is be nat ip 192.168.1.6

    192.168.1.6 can not pass the

    access-list 1 permit 172.16.0.0 0.0.255.255

    access-list 1 deny any

View solution in original post

CreatePlease to create content
Content for Community-Ad