Cisco Community
English
Register
We're here for you! LEARN about free offerings and business continuity best practices during the COVID-19 pandemic
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
539
Views
0
Helpful
7
Replies
fran19422
fran19422 Beginner
Beginner
‎08-23-2012 08:30 PM
‎08-23-2012 08:30 PM

access control list problem

Hello, I am trying to deifne an access control list to permit traffic from all internal (172,16.0.0/16) addressess, and deny all other traffic.

I have created the following:

access-list 1 permit 172.16.0.0 0.0.255.255

access-list 1 deny any

and applied it to the outgoing interface of the router:

interface FastEthernet0/0

ip address 10.0.0.1 255.0.0.0

ip access-group 1 out

ip nat outside

duplex auto

speed auto

However traffic from the networks: 172.16.4.0, 172.16.3.252, 172.16.255.252 and 172.16.255.248 cannot pass.

Have I done something incorrect here ?

Thanks for any help.

Labels:
0 Helpful
Reply
3 ACCEPTED SOLUTIONS

Accepted Solutions
Highlighted
canalc
canalc Beginner
Beginner
‎08-23-2012 11:38 PM
‎08-23-2012 11:38 PM

access control list problem

hi philip:   

     traffic from the networks: 172.16.4.0, 172.16.3.252, 172.16.255.252 and 172.16.255.248 is be nat ip 192.168.1.6

    192.168.1.6 can not pass the

    access-list 1 permit 172.16.0.0 0.0.255.255

    access-list 1 deny any

View solution in original post

0 Helpful
Reply
Highlighted
cadet alain
cadet alain Advisor
Advisor
‎08-23-2012 11:39 PM
‎08-23-2012 11:39 PM

access control list problem

Hi,

Why are you doing this NAT overload on Belfast ?

Just  do no ip nat outside on Belfast f0/0 so there ain't no more NAT and it will work.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

View solution in original post

0 Helpful
Reply
Highlighted
johnlloyd_13
johnlloyd_13 Engager
Engager
‎08-24-2012 12:00 AM
‎08-24-2012 12:00 AM

Re: access control list problem

Hi Alain,

Thanks for lending a hand on OP's issue!

Philip,

Could you try what Alain suggested and let us know how it goes?

Sent from Cisco Technical Support iPhone App

View solution in original post

0 Helpful
Reply
7 REPLIES 7
Highlighted
johnlloyd_13
johnlloyd_13 Engager
Engager
‎08-23-2012 09:11 PM
‎08-23-2012 09:11 PM

access control list problem

hi philip,

could you post the device's show run and a network diagram? are you running this on PT?

0 Helpful
Reply
Highlighted
fran19422
fran19422 Beginner
Beginner
‎08-23-2012 09:17 PM
‎08-23-2012 09:17 PM

Re: access control list problem

thank you for your help.

I have attached the packet tracer file. It should be easy to see what I am doing wrong for someone more proficient than me

The two passwords are:'cisco' and 'class'.

The router with the access control list is "Belfast".

Regards

0 Helpful
Reply
Highlighted
johnlloyd_13
johnlloyd_13 Engager
Engager
‎08-23-2012 09:54 PM
‎08-23-2012 09:54 PM

Re: access control list problem

hi philip,

sorry i don't have PT installed on my PC right now. could you copy and pase the config here?

0 Helpful
Reply
Highlighted
fran19422
fran19422 Beginner
Beginner
‎08-23-2012 10:44 PM
‎08-23-2012 10:44 PM

Re: access control list problem

yes, I have done that in the previous message.

Thank you kindly.

0 Helpful
Reply
Highlighted
cadet alain
cadet alain Advisor
Advisor
‎08-23-2012 11:39 PM
‎08-23-2012 11:39 PM

access control list problem

Hi,

Why are you doing this NAT overload on Belfast ?

Just  do no ip nat outside on Belfast f0/0 so there ain't no more NAT and it will work.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

View solution in original post

0 Helpful
Reply
Highlighted
johnlloyd_13
johnlloyd_13 Engager
Engager
‎08-24-2012 12:00 AM
‎08-24-2012 12:00 AM

Re: access control list problem

Hi Alain,

Thanks for lending a hand on OP's issue!

Philip,

Could you try what Alain suggested and let us know how it goes?

Sent from Cisco Technical Support iPhone App

View solution in original post

0 Helpful
Reply
Highlighted
canalc
canalc Beginner
Beginner
‎08-23-2012 11:38 PM
‎08-23-2012 11:38 PM

access control list problem

hi philip:   

     traffic from the networks: 172.16.4.0, 172.16.3.252, 172.16.255.252 and 172.16.255.248 is be nat ip 192.168.1.6

    192.168.1.6 can not pass the

    access-list 1 permit 172.16.0.0 0.0.255.255

    access-list 1 deny any

View solution in original post

0 Helpful
Reply
Latest Contents
Community Live video- Cisco SD-WAN Policies: Leveraging the ...
Created by hiarteag on 03-27-2020 07:46 AM
0
5
0
5
Community Live- Cisco SD-WAN Policies: Leveraging the Full Power of Cisco SD-WAN (Live event - formerly known as Webcast-  Tuesday 24 March, 2020 at 10 am Pacific/ 1 pm Eastern / 6 pm Paris) This event had place on Tuesday 24th, March 2020 at 10hrs P... view more
Cisco 9200L IOS upgrade via USB
Created by gregorypierce1 on 03-26-2020 10:09 AM
7
0
7
0
IS there a way to upgrade the ios on a cisco 9200l switch using a usb drive instead of using a tftp server? If so could someone point me to the article or tell me how this can be done? These switches seem to be more complicated than previous switches. Tha... view more
Firepower 2110 Integration with SD-WAN Design Assistance
Created by gilbert.aispuro1 on 03-26-2020 03:10 AM
0
0
0
0
Hello,I'm needing to integrate the Cisco Firepower 2110 into our Data Center JUST to fulfill Site-to-Site and Remote Access VPN. My SD-WAN ISRs already have FW and IPS running, which is what I want since I have internet breakouts at my branches, so this D... view more
When needed to configure "Spanning-tree vlan X priority"?
Created by getaway51 on 03-24-2020 06:31 PM
3
0
3
0
Hi, Switch 1 and switch 2 connected via trunk. Both configured with new vlan 3.When creating new vlan 3, is it need to include "Spanning-tree vlan 3 priority 8192"- Sw 1 and "Spanning-tree vlan 3 priority 16384"-Sw 2?What will happen for those s... view more
Popup ISR1K Single Box LTE/WiFi Hotspot Solution - IOS-XE
Created by Kureli Sankar on 03-24-2020 11:18 AM
0
5
0
5
GoalTo provide a solution to quickly setup a pop-up site that supports WiFi and provides instant internet access using LTE as a transport.Supported PlatformsISR 1K series routers with LTE and WiFi capability.Supported Router Models and Required Licenses&n... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad