access-list at serial0 inbound traffic not working

Status
Not open for further replies.

Edward999 (Programmer; joined Dec 26, 2002; messages: 112; location: MY)


Hi, I have a problem with the access-list on my Cisco router.

Below is my router configuration:

interface FastEthernet0
ip address xxx.xxx.xxx.xxx 255.255.255.0
ip nat inside
speed auto
!
interface Serial0
description "Serial Link to ISP"
bandwidth 512
ip address yyy.yyy.yyy.yyy 255.255.255.252
ip access-group 102 in
ip nat outside
encapsulation ppp
!
router rip
version 2
passive-interface Serial0
network zz.0.0.0
network xxx.xxx.xxx.0
no auto-summary
!
!
ip nat pool alpine-natpool-0 aaa.aaa.aaa.bbb aaa.aaa.aaa.ccc netmask 255.255.255.224
ip nat inside source list 1 pool alpine-natpool-0 overload
ip nat inside source static 193.161.1.20 aaa.aaa.aaa.cc
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
no ip http server
!
!
access-list 1 permit any
access-list 102 permit tcp 220.1.1.192 0.0.0.31 host yyy.yyy.yyy.yyy eq telnet
access-list 102 permit tcp 220.1.1.192 0.0.0.31 host aaa.aaa.aaa.ddd
access-list 102 permit ip any any
end

My static NAT to 193.161.1.20 is working fine. My router is located at my branch office and I am accessing my server 193.161.1.20 through port 80 (HTTP) at my HQ office. I can access my server 193.161.1.20.

My access-list was meant to allow only my HQ valid IP, which is 220.1.1.192, to access my server 193.161.1.20.

My access-list is not working, because I can use dial-up internet to access my server 193.161.1.20.

Why can I not allow only my HQ valid IP to access the server?
I already permit it in the access-list, but other IP addresses are still allowed to access my server 193.161.1.20.

Please help...thanks for any reply

 

Oops... sorry, the IP addresses aaa.aaa.aaa.cc and aaa.aaa.aaa.ddd are the same.

Sorry... thx
 

"access-list 102 permit tcp 220.1.1.192 0.0.0.31 host aaa.aaa.aaa.ddd"

When using 'tcp' or 'udp' in an access list you are supposed to define a port number.

"access-list 102 permit ip any any"

Not much point in having an access list and then allowing all traffic.

"My access-list is not working, because I can use dial-up internet to access my server 193.161.1.20."

This is because your access list allows "ip any any". You are basically saying:

Allow 220.1.1.192 0.0.0.31
Also allow everything else.

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************
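
The first-match behaviour Chris describes, as an added example that is not part of the original thread: a small Python model of how an extended access-list is evaluated top-down, run against access-list 102 as posted and against the same list without its last entry. The masked addresses are replaced by constructed documentation-range stand-ins, and the function and variable names are hypothetical.

```python
import ipaddress

# Constructed stand-ins (documentation ranges) for addresses the post masks out.
SERIAL0 = "192.0.2.1"       # stands in for yyy.yyy.yyy.yyy
SERVER = "203.0.113.10"     # stands in for aaa.aaa.aaa.ddd (static NAT address)
HQ_HOST = "220.1.1.200"     # a host inside 220.1.1.192 0.0.0.31
DIALUP = "198.51.100.7"     # constructed dial-up source outside the HQ range

# Entry: (action, protocol, src, src wildcard, dst, dst wildcard, dst port or None)
ACL_102_POSTED = [
    ("permit", "tcp", "220.1.1.192", "0.0.0.31", SERIAL0, "0.0.0.0", 23),
    ("permit", "tcp", "220.1.1.192", "0.0.0.31", SERVER, "0.0.0.0", None),
    ("permit", "ip", "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255", None),
]
ACL_102_NO_CATCH_ALL = ACL_102_POSTED[:2]  # same list without "permit ip any any"


def wildcard_match(addr, base, wildcard):
    """Bits set in a Cisco wildcard mask are ignored when comparing addresses."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)


def evaluate(acl, proto, src, dst, dport):
    """Return (action, entry number) of the first matching entry.

    Falls through to the implicit deny, reported as ("deny", None).
    """
    for number, (action, p, s, sw, d, dw, port) in enumerate(acl, 1):
        if p != "ip" and p != proto:
            continue
        if not (wildcard_match(src, s, sw) and wildcard_match(dst, d, dw)):
            continue
        if port is not None and port != dport:
            continue
        return action, number
    return "deny", None


if __name__ == "__main__":
    for name, acl in (("posted", ACL_102_POSTED), ("no catch-all", ACL_102_NO_CATCH_ALL)):
        for label, src in (("HQ", HQ_HOST), ("dial-up", DIALUP)):
            print(name, label, evaluate(acl, "tcp", src, SERVER, 80))
```

Without the catch-all, anything not explicitly permitted inbound on Serial0 hits the implicit deny, which includes replies to connections that hosts behind the NAT pool open outbound, so those would need their own permit entries.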
 


Yes you are right chrisAC. Thanks for your reply. I appreciate it.

Thanks again.
 