Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
674
Views
0
Helpful
7
Replies
Highlighted
fran19422
Beginner
Beginner
‎08-23-2012 08:30 PM
‎08-23-2012 08:30 PM

access control list problem

Hello, I am trying to deifne an access control list to permit traffic from all internal (172,16.0.0/16) addressess, and deny all other traffic.

I have created the following:

access-list 1 permit 172.16.0.0 0.0.255.255

access-list 1 deny any

and applied it to the outgoing interface of the router:

interface FastEthernet0/0

ip address 10.0.0.1 255.0.0.0

ip access-group 1 out

ip nat outside

duplex auto

speed auto

However traffic from the networks: 172.16.4.0, 172.16.3.252, 172.16.255.252 and 172.16.255.248 cannot pass.

Have I done something incorrect here ?

Thanks for any help.

Labels:
0 Helpful
Reply
3 ACCEPTED SOLUTIONS

Accepted Solutions
Highlighted
canalc
Beginner
Beginner
In response to fran19422
‎08-23-2012 11:38 PM
‎08-23-2012 11:38 PM

hi philip:   

     traffic from the networks: 172.16.4.0, 172.16.3.252, 172.16.255.252 and 172.16.255.248 is be nat ip 192.168.1.6

    192.168.1.6 can not pass the

    access-list 1 permit 172.16.0.0 0.0.255.255

    access-list 1 deny any

View solution in original post

0 Helpful
Reply
Highlighted
cadet alain
Advisor
Advisor
In response to fran19422
‎08-23-2012 11:39 PM
‎08-23-2012 11:39 PM

Hi,

Why are you doing this NAT overload on Belfast ?

Just  do no ip nat outside on Belfast f0/0 so there ain't no more NAT and it will work.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

View solution in original post

0 Helpful
Reply
Highlighted
johnlloyd_13
Engager
Engager
In response to cadet alain
‎08-24-2012 12:00 AM
‎08-24-2012 12:00 AM

Hi Alain,

Thanks for lending a hand on OP's issue!

Philip,

Could you try what Alain suggested and let us know how it goes?

Sent from Cisco Technical Support iPhone App

View solution in original post

0 Helpful
Reply
7 REPLIES 7
Highlighted
johnlloyd_13
Engager
Engager
‎08-23-2012 09:11 PM
‎08-23-2012 09:11 PM

hi philip,

could you post the device's show run and a network diagram? are you running this on PT?

0 Helpful
Reply
Highlighted
fran19422
Beginner
Beginner
In response to johnlloyd_13
‎08-23-2012 09:17 PM
‎08-23-2012 09:17 PM

thank you for your help.

I have attached the packet tracer file. It should be easy to see what I am doing wrong for someone more proficient than me

The two passwords are:'cisco' and 'class'.

The router with the access control list is "Belfast".

Regards

Preview file
53 KB
0 Helpful
Reply
Highlighted
johnlloyd_13
Engager
Engager
In response to fran19422
‎08-23-2012 09:54 PM
‎08-23-2012 09:54 PM

hi philip,

sorry i don't have PT installed on my PC right now. could you copy and pase the config here?

0 Helpful
Reply
Highlighted
fran19422
Beginner
Beginner
In response to johnlloyd_13
‎08-23-2012 10:44 PM
‎08-23-2012 10:44 PM

yes, I have done that in the previous message.

Thank you kindly.

0 Helpful
Reply
Highlighted
cadet alain
Advisor
Advisor
In response to fran19422
‎08-23-2012 11:39 PM
‎08-23-2012 11:39 PM

Hi,

Why are you doing this NAT overload on Belfast ?

Just  do no ip nat outside on Belfast f0/0 so there ain't no more NAT and it will work.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

View solution in original post

0 Helpful
Reply
Highlighted
johnlloyd_13
Engager
Engager
In response to cadet alain
‎08-24-2012 12:00 AM
‎08-24-2012 12:00 AM

Hi Alain,

Thanks for lending a hand on OP's issue!

Philip,

Could you try what Alain suggested and let us know how it goes?

Sent from Cisco Technical Support iPhone App

View solution in original post

0 Helpful
Reply
Highlighted
canalc
Beginner
Beginner
In response to fran19422
‎08-23-2012 11:38 PM
‎08-23-2012 11:38 PM

hi philip:   

     traffic from the networks: 172.16.4.0, 172.16.3.252, 172.16.255.252 and 172.16.255.248 is be nat ip 192.168.1.6

    192.168.1.6 can not pass the

    access-list 1 permit 172.16.0.0 0.0.255.255

    access-list 1 deny any

View solution in original post

0 Helpful
Reply
Latest Contents
Cisco SD-WAN Global Forum : Quick Guide to Design, Deploy, O...
Created by ciscomoderator on 03-05-2021 12:50 PM
0
0
0
0
To participate in this event, please use the  button to ask your questions * Note: The link to join the discussion will be activated on March 8 All the knowledge of these four experts at your disposal! Cisco Software-Defined Wide Area Network (SD-WAN... view more
Community Live Event- ISR1100X-4G and ISR1100X-6G Platform O...
Created by Cisco Moderador on 03-02-2021 05:23 AM
1
0
1
0
Community Live- ISR1100X-4G and ISR1100X-6G Platform Overview and Architecture (Live event -  Tuesday, 23 March, 2021 at 10:00 am Pacific/ 1:00 pm Eastern / 7:00 pm Paris)- This event will have place on Tuesday 23rd, March 2021 at 10:00 hrs PDT&... view more
Cisco Secure Network Access Bridges the Gap
Created by Kelli Glass on 02-26-2021 04:19 PM
0
0
0
0
Cisco Secure Network Access is helping IT to bridge the gap between what is essential to the business and what the network delivers and to build the next-generation campus network for an unplugged and uninterrupted experience. Learn more about how these w... view more
Community Live Video - New Additions to the Catalyst 8000 Fa...
Created by Cisco Moderador on 02-24-2021 08:49 AM
0
0
0
0
(view in My Videos) Community Live- New Additions to the Catalyst 8000 Family (Live event -  Tuesday, 23 February, 2021 at 10:00 am Pacific/ 1:00 pm Eastern / 7:00 pm Paris)- This event had place on Tuesday 23rd, February 2021 at 10:00 hrs PDT... view more
New Additions to the Catalyst 8000 Family- FAQ
Created by Cisco Moderador on 02-24-2021 07:23 AM
0
0
0
0
This event had place on Tuesday 23rd, February 2021 at 10hrs PDT  Introduction Designed for an intent-based network, the Cisco Catalyst 8000 Edge Platforms family offers best-in-class networking and security combined. The platforms, available in b... view more
Content for Community-Ad