Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1887
Views
0
Helpful
7
Replies

access control list problem

Go to solution
fran19422
Level 1
Level 1

‎08-23-2012 08:30 PM - edited ‎03-07-2019 08:30 AM

Hello, I am trying to deifne an access control list to permit traffic from all internal (172,16.0.0/16) addressess, and deny all other traffic.

I have created the following:

access-list 1 permit 172.16.0.0 0.0.255.255

access-list 1 deny any

and applied it to the outgoing interface of the router:

interface FastEthernet0/0

ip address 10.0.0.1 255.0.0.0

ip access-group 1 out

ip nat outside

duplex auto

speed auto

However traffic from the networks: 172.16.4.0, 172.16.3.252, 172.16.255.252 and 172.16.255.248 cannot pass.

Have I done something incorrect here ?

Thanks for any help.

Labels:
0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
canalc
Level 1
Level 1
In response to fran19422

‎08-23-2012 11:38 PM

hi philip:   

     traffic from the networks: 172.16.4.0, 172.16.3.252, 172.16.255.252 and 172.16.255.248 is be nat ip 192.168.1.6

    192.168.1.6 can not pass the

    access-list 1 permit 172.16.0.0 0.0.255.255

    access-list 1 deny any

View solution in original post

0 Helpful

Go to solution
cadet alain
VIP Alumni
VIP Alumni
In response to fran19422

‎08-23-2012 11:39 PM

Hi,

Why are you doing this NAT overload on Belfast ?

Just  do no ip nat outside on Belfast f0/0 so there ain't no more NAT and it will work.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

View solution in original post

0 Helpful

Go to solution
johnlloyd_13
Level 9
Level 9
In response to cadet alain

‎08-24-2012 12:00 AM

Hi Alain,

Thanks for lending a hand on OP's issue!

Philip,

Could you try what Alain suggested and let us know how it goes?

Sent from Cisco Technical Support iPhone App

View solution in original post

0 Helpful
7 Replies 7

Go to solution
johnlloyd_13
Level 9
Level 9

‎08-23-2012 09:11 PM

hi philip,

could you post the device's show run and a network diagram? are you running this on PT?

0 Helpful

Go to solution
fran19422
Level 1
Level 1
In response to johnlloyd_13

‎08-23-2012 09:17 PM

thank you for your help.

I have attached the packet tracer file. It should be easy to see what I am doing wrong for someone more proficient than me

The two passwords are:'cisco' and 'class'.

The router with the access control list is "Belfast".

Regards

Preview file
53 KB
0 Helpful

Go to solution
johnlloyd_13
Level 9
Level 9
In response to fran19422

‎08-23-2012 09:54 PM

hi philip,

sorry i don't have PT installed on my PC right now. could you copy and pase the config here?

0 Helpful

Go to solution
fran19422
Level 1
Level 1
In response to johnlloyd_13

‎08-23-2012 10:44 PM

yes, I have done that in the previous message.

Thank you kindly.

0 Helpful

Go to solution
cadet alain
VIP Alumni
VIP Alumni
In response to fran19422

‎08-23-2012 11:39 PM

Hi,

Why are you doing this NAT overload on Belfast ?

Just  do no ip nat outside on Belfast f0/0 so there ain't no more NAT and it will work.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

Go to solution
johnlloyd_13
Level 9
Level 9
In response to cadet alain

‎08-24-2012 12:00 AM

Hi Alain,

Thanks for lending a hand on OP's issue!

Philip,

Could you try what Alain suggested and let us know how it goes?

Sent from Cisco Technical Support iPhone App

0 Helpful

Go to solution
canalc
Level 1
Level 1
In response to fran19422

‎08-23-2012 11:38 PM

hi philip:   

     traffic from the networks: 172.16.4.0, 172.16.3.252, 172.16.255.252 and 172.16.255.248 is be nat ip 192.168.1.6

    192.168.1.6 can not pass the

    access-list 1 permit 172.16.0.0 0.0.255.255

    access-list 1 deny any

0 Helpful
Customers Also Viewed These Support Documents