Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

ACL problems

Status
Not open for further replies.
kidem

kidem

MIS
Feb 17, 2004
44
US
ok...im going to give you my config, i can not get FTP to work through ACL can some one help thanks,,,,
I dont know why its not working i have FTP ACL entries and static mappings to FTP server...

memory-size iomem 15
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
!
ip dhcp pool dhcppool
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
lease 7
!
no ip bootp server
ip inspect name ftp ftp timeout 30
ip audit attack action alarm reset
ip audit notify log
ip audit po max-events 100
ip cef
!
interface Ethernet0
ip address dhcp
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect ftp in
half-duplex
ntp disable
no cdp enable
!
interface FastEthernet0
ip address 10.10.10.1 255.255.255.0
ip nat inside
speed auto
no cdp enable
!
ip nat inside source list 1 interface Ethernet0 overload
ip nat inside source static tcp 10.10.10.60 20 interface Ethernet0 20
ip nat inside source static tcp 10.10.10.60 21 interface Ethernet0 21
ip classless
no ip http server
ip pim bidir-enable
!
!
ip access-list extended internet-in
!
logging 10.10.10.66
access-list 1 permit 10.0.0.0 0.255.255.255 log

access-list 100 permit tcp any any range ftp-data ftp
access-list 100 permit tcp any gt 1023 host 10.10.10.60 eq ftp
access-list 100 permit tcp any gt 1023 host 10.10.10.60 eq ftp-data
access-list 100 permit udp any eq 53 any
access-list 100 permit tcp any gt 1023 host 10.10.10.60 gt 1023
access-list 100 permit icmp any any net-unreachable
access-list 100 permit icmp any any host-unreachable
access-list 100 permit icmp any any port-unreachable
access-list 100 permit icmp any any parameter-problem
access-list 100 permit icmp any any packet-too-big
access-list 100 permit icmp any any administratively-prohibited
access-list 100 permit icmp any any source-quench
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any ttl-exceeded
access-list 100 permit tcp any any established
access-list 100 deny icmp any any log
access-list 100 deny 53 any any log-input
access-list 100 deny 55 any any log-input
access-list 100 deny 77 any any log-input
access-list 100 deny pim any any log-input
access-list 100 deny udp any any eq netbios-ns log-input
access-list 100 deny udp any any eq netbios-dgm log-input
access-list 100 deny udp any any eq netbios-ss log-input
access-list 100 deny tcp any any eq 139 log-input
access-list 101 permit ip any any log
access-list 101 permit tcp any any log
access-list 101 permit udp any any log
no cdp run
!
banner motd ^C
**************************
WARNING
**************************

WARNING - Authorized users only.
^C
!
line con 0
line aux 0
line vty 0 3
access-class 1 in
password 7
login
telnet refuse-negotiations
line vty 4
access-class 1 in
access-class 10 out
password 7
login
telnet refuse-negotiations
!
no scheduler allocate
end
 
Sort by date Sort by votes
At first, it would appear that way. However, since the line in the access-list specifies FTP traffic, it will isolate all FTP traffic to that line in the access-list. If that line doesn't match, then it will look for another line that specifies FTP. If there is no FTP match, then it is dropped. This is only because there is a line in there that specifies FTP.

Once you specify a port in an access-list, that traffic is then looked at for a specific match.

I know it seems that the "ip any any" should be a catch all, but it's not. I learned this the hard way, and it blew my mind for about a day or so figuring out a problem.

BierHunter
CNE, MCSE, CCNP
 
Upvote 0 Downvote
true. but he said that he is forwarding the ports 13010-13015 tcp from his ftp server so that the acl would allow traffic to these ports through to reach the bottom of the list. ?
 
Upvote 0 Downvote
once we see the show log and show ip nat translations that with captured access-list violations from an attempted session we will know more
 
Upvote 0 Downvote
Ok...i will do that when i get there, im out setting up some servers, thanks for the reply guys!!!!!
 
Upvote 0 Downvote
ok..here is
SH ip nat trans
router1#sh ip nat tran
Pro Inside global Inside local Outside local Outside global
udp 24.223.139.68:108 10.10.10.66:138 10.255.255.255:138 10.255.255.255:13
udp 24.223.139.68:137 10.10.10.60:137 10.255.255.255:137 10.255.255.255:13
udp 24.223.139.68:138 10.10.10.60:138 10.255.255.255:138 10.255.255.255:13
tcp 24.223.139.68:22411 10.10.10.60:22411 207.33.111.32:80 207.33.111.32:80
tcp 24.223.139.68:22416 10.10.10.60:22416 207.33.111.32:80 207.33.111.32:80
tcp 24.223.139.68:22417 10.10.10.60:22417 207.33.111.32:80 207.33.111.32:80
tcp 24.223.139.68:22412 10.10.10.60:22412 65.61.165.21:80 65.61.165.21:80
tcp 24.223.139.68:22413 10.10.10.60:22413 65.61.165.21:80 65.61.165.21:80
tcp 24.223.139.68:22414 10.10.10.60:22414 207.33.111.32:443 207.33.111.32:443
tcp 24.223.139.68:1166 10.10.10.66:1166 64.246.169.201:80 64.246.169.201:80
tcp 24.223.139.68:1167 10.10.10.66:1167 64.246.169.201:80 64.246.169.201:80
tcp 24.223.139.68:1316 10.10.10.66:1316 66.28.176.48:80 66.28.176.48:80
tcp 24.223.139.68:20 10.10.10.60:20 --- ---
tcp 24.223.139.68:21 10.10.10.60:21 --- ---
udp 24.223.139.68:1029 10.10.10.66:1029 207.69.188.185:53 207.69.188.185:53
tcp 24.223.139.68:20 10.10.10.60:20 207.33.111.37:43594 207.33.111.37:43
4
tcp 24.223.139.68:21 10.10.10.60:21 207.33.111.37:43594 207.33.111.37:43
4
tcp 24.223.139.68:1993 10.10.10.65:1993 207.46.106.149:1863 207.46.106.149:1
3
udp 24.223.139.68:137 10.10.10.60:137 192.168.0.10:137 192.168.0.10:137
tcp 24.223.139.68:22407 10.10.10.60:22407 216.239.41.104:80 216.239.41.104:80
tcp 24.223.139.68:22408 10.10.10.60:22408 216.239.41.104:80 216.239.41.104:80
Pro Inside global Inside local Outside local Outside global
tcp 24.223.139.68:22419 10.10.10.60:22419 216.239.41.104:80 216.239.41.104:80
tcp 24.223.139.68:20 10.10.10.60:20 207.33.111.35:44153 207.33.111.35:44
3
tcp 24.223.139.68:13010 10.10.10.60:13010 --- ---
tcp 24.223.139.68:21 10.10.10.60:21 207.33.111.35:44153 207.33.111.35:44
3
tcp 24.223.139.68:13011 10.10.10.60:13011 --- ---
tcp 24.223.139.68:13012 10.10.10.60:13012 --- ---
tcp 24.223.139.68:13013 10.10.10.60:13013 --- ---
tcp 24.223.139.68:13014 10.10.10.60:13014 --- ---
tcp 24.223.139.68:13015 10.10.10.60:13015 --- ---
tcp 24.223.139.68:4902 10.10.10.66:4902 81.0.254.167:80 81.0.254.167:80
tcp 24.223.139.68:4903 10.10.10.66:4903 81.0.254.167:80 81.0.254.167:80
tcp 24.223.139.68:22420 10.10.10.60:22420 216.45.19.33:80 216.45.19.33:80
tcp 24.223.139.68:22421 10.10.10.60:22421 216.45.19.33:80 216.45.19.33:80
tcp 24.223.139.68:22422 10.10.10.60:22422 216.45.19.33:80 216.45.19.33:80
tcp 24.223.139.68:22423 10.10.10.60:22423 216.45.19.33:80 216.45.19.33:8


here is logs



18:02:26: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 24.223.139.68(1993) -> 207
.46.106.149(1863), 1 packet
18:02:26: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(138) -> 10.2
55.255.255(138), 4 packets
18:02:26: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 207.46.106.149(1863) -> 24
.223.139.66(1993), 1 packet
18:03:26: %SEC-6-IPACCESSLOGP: list 100 permitted udp 10.40.64.1(67) -> 255.255.
255.255(68), 17 packets
18:04:26: %SEC-6-IPACCESSLOGS: list 1 permitted 10.10.10.60 7 packets
18:04:26: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(137) -> 192.
168.0.10(137), 9 packets
18:05:26: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 24.82.197.134(3443) -> 24.
223.139.66(2745), 2 packets
18:06:26: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 80.145.123.53(4302) -> 24.
223.139.66(1433), 2 packets
18:07:26: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 24.223.139.68(1993) -> 207
.46.106.149(1863), 1 packet
18:07:26: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(138) -> 10.2
55.255.255(138), 5 packets
18:07:26: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 207.46.106.149(1863) -> 24
.223.139.66(1993), 1 packet
18:08:26: %SEC-6-IPACCESSLOGP: list 100 permitted udp 10.40.64.1(67) -> 255.255.
255.255(68), 14 packets
18:09:26: %SEC-6-IPACCESSLOGS: list 1 permitted 10.10.10.60 9 packets
18:09:26: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(137) -> 192.
168.0.10(137), 9 packets
18:09:45: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 61.178.122.23(3615) -> 24.
223.139.66(9898), 1 packet
18:10:25: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(102) -> 10.2
55.255.255(138), 1 packet
18:10:26: %SEC-6-IPACCESSLOGS: list 1 permitted 10.10.10.66 1 packet
18:12:26: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(137) -> 10.2
55.255.255(137), 1 packet
18:12:26: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 24.223.139.68(1993) -> 207
.46.106.149(1863), 1 packet
18:12:26: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(138) -> 10.2
55.255.255(138), 5 packets
18:12:26: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 207.46.106.149(1863) -> 24
.223.139.66(1993), 1 packet
18:13:26: %SEC-6-IPACCESSLOGP: list 100 permitted udp 10.40.64.1(67) -> 255.255.
255.255(68), 14 packets
18:14:26: %SEC-6-IPACCESSLOGS: list 1 permitted 10.10.10.60 7 packets
18:14:26: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(137) -> 192.
168.0.10(137), 9 packets
18:15:26: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(102) -> 10.2
55.255.255(138), 1 packet
18:17:26: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 24.223.139.68(1993) -> 207
.46.106.149(1863), 1 packet
18:17:26: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(138) -> 10.2
55.255.255(138), 4 packets
18:17:26: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 207.46.106.149(1863) -> 24
.223.139.66(1993), 1 packet
18:18:26: %SEC-6-IPACCESSLOGP: list 100 permitted udp 10.40.64.1(67) -> 255.255.
255.255(68), 15 packets
18:19:26: %SEC-6-IPACCESSLOGS: list 1 permitted 10.10.10.60 9 packets
18:19:26: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(137) -> 192.
168.0.10(137), 9 packets
18:22:26: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 24.223.139.68(1993) -> 207
.46.106.149(1863), 1 packet
18:22:26: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(138) -> 10.2
55.255.255(138), 5 packets
18:22:26: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 207.46.106.149(1863) -> 24
.223.139.66(1993), 1 packet
18:23:26: %SEC-6-IPACCESSLOGP: list 100 permitted udp 10.40.64.1(67) -> 255.255.
255.255(68), 2 packets
18:23:26: %SEC-6-IPACCESSLOGS: list 1 permitted 10.10.10.66 1 packet
18:24:26: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(137) -> 10.2
55.255.255(137), 1 packet
18:24:26: %SEC-6-IPACCESSLOGS: list 1 permitted 10.10.10.60 7 packets
18:24:26: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(137) -> 192.
168.0.10(137), 9 packets
18:24:33: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 213.165.169.84(2978) -> 24
.223.139.66(1025), 1 packet
18:26:40: %SEC-6-IPACCESSLOGP: list 100 permitted udp 69.93.223.51(25369) -> 24.
223.139.66(1026), 1 packet
18:27:21: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 218.106.101.234(52396) ->
24.223.139.68(9898), 1 packet
18:27:27: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 24.223.139.68(1993) -> 207
.46.106.149(1863), 1 packet
18:27:27: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(138) -> 10.2
55.255.255(138), 5 packets
18:27:27: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 207.46.106.149(1863) -> 24
.223.139.66(1993), 1 packet
18:28:27: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(103) -> 10.2
55.255.255(138), 2 packets
18:28:27: %SEC-6-IPACCESSLOGP: list 100 permitted udp 10.40.64.1(67) -> 255.255.
255.255(68), 34 packets
18:29:27: %SEC-6-IPACCESSLOGS: list 1 permitted 10.10.10.60 9 packets
18:29:27: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(137) -> 192.
168.0.10(137), 9 packets
18:29:54: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(4240) -> 207
.69.188.185(53), 1 packet
18:30:25: %SEC-6-IPACCESSLOGP: list 100 permitted udp 65.24.6.226(67) -> 24.223.
139.66(68), 1 packet
18:30:27: %SEC-6-IPACCESSLOGS: list 1 permitted 10.10.10.66 1 packet
18:30:27: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 213.165.169.84(2978) -> 24
.223.139.66(1025), 2 packets
18:32:27: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 24.223.139.68(1993) -> 207
.46.106.149(1863), 1 packet
18:32:27: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(138) -> 10.2
55.255.255(138), 4 packets
18:32:27: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 207.46.106.149(1863) -> 24
.223.139.66(1993), 1 packet
18:33:27: %SEC-6-IPACCESSLOGP: list 100 permitted udp 10.40.64.1(67) -> 255.255.
255.255(68), 9 packets
18:34:25: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(104) -> 10.2
55.255.255(138), 1 packet
18:34:27: %SEC-6-IPACCESSLOGS: list 1 permitted 10.10.10.60 6 packets
18:34:27: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(137) -> 192.
168.0.10(137), 6 packets
18:35:27: %SEC-6-IPACCESSLOGP: list 100 permitted udp 207.69.188.185(53) -> 24.2
23.139.66(4240), 2 packets
18:35:27: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(4240) -> 207
.69.188.185(53), 1 packet
18:35:27: %SEC-6-IPACCESSLOGS: list 1 permitted 10.10.10.66 1 packet
18:36:27: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(137) -> 10.2
55.255.255(137), 1 packet
18:37:27: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 24.223.139.68(1993) -> 207
.46.106.149(1863), 2 packets
18:37:27: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(138) -> 10.2
55.255.255(138), 5 packets
18:37:27: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 207.46.106.149(1863) -> 24
.223.139.66(1993), 2 packets
18:38:27: %SEC-6-IPACCESSLOGP: list 100 permitted udp 10.40.64.1(67) -> 255.255.
255.255(68), 4 packets
18:39:19: %SEC-6-IPACCESSLOGP: list 100 permitted udp 64.156.39.12(666) -> 24.22
3.139.66(1026), 1 packet
18:39:27: %SEC-6-IPACCESSLOGS: list 1 permitted 10.10.10.60 10 packets
18:39:27: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(137) -> 192.
168.0.10(137), 12 packets
18:40:07: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 220.190.40.70(3465) -> 24.
223.139.66(5554), 1 packet
18:41:21: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(105) -> 10.2
55.255.255(138), 1 packet
18:41:27: %SEC-6-IPACCESSLOGS: list 1 permitted 10.10.10.66 1 packet
18:42:27: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 24.223.139.68(1993) -> 207
.46.106.149(1863), 1 packet
18:42:27: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(138) -> 10.2
55.255.255(138), 5 packets
18:42:27: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 207.46.106.149(1863) -> 24
.223.139.66(1993), 1 packet
18:43:27: %SEC-6-IPACCESSLOGP: list 100 permitted udp 10.40.64.1(67) -> 255.255.
255.255(68), 6 packets
18:44:27: %SEC-6-IPACCESSLOGS: list 1 permitted 10.10.10.60 6 packets
18:44:27: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(137) -> 192.
168.0.10(137), 6 packets
18:45:27: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 220.190.40.70(3715) -> 24.
223.139.66(9898), 1 packet
18:46:25: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(106) -> 10.2
55.255.255(138), 1 packet
18:46:27: %SEC-6-IPACCESSLOGS: list 1 permitted 10.10.10.66 1 packet
18:47:27: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 24.223.139.68(1993) -> 207
.46.106.149(1863), 1 packet
18:47:27: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(138) -> 10.2
55.255.255(138), 4 packets
18:47:27: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 207.46.106.149(1863) -> 24
.223.139.66(1993), 1 packet
18:48:27: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(137) -> 10.2
55.255.255(137), 1 packet
18:48:27: %SEC-6-IPACCESSLOGP: list 100 permitted udp 10.40.64.1(67) -> 255.255.
255.255(68), 6 packets
18:49:27: %SEC-6-IPACCESSLOGS: list 1 permitted 10.10.10.60 10 packets
18:49:27: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(137) -> 192.
168.0.10(137), 12 packets
18:50:09: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(4240) -> 207
.69.188.185(53), 1 packet
18:50:29: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 207.46.106.149(1863) -> 24
.223.139.66(1993), 1 packet
18:51:17: %SEC-6-IPACCESSLOGS: list 1 permitted 10.10.10.60 1 packet
18:51:21: %SEC-6-IPACCESSLOGP: list 100 permitted udp 10.40.64.1(67) -> 255.255.
255.255(68), 1 packet
18:51:27: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 11 pa
ckets
18:52:09: %SEC-6-IPACCESSLOGDP: list 100 permitted icmp 194.203.77.66 -> 24.223.
139.66 (8/0), 1 packet
18:52:19: %SEC-6-IPACCESSLOGS: list 1 permitted 10.10.10.66 1 packet
18:52:27: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 30 pa
ckets
18:52:27: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(138) -> 10.2
55.255.255(138), 5 packets
18:52:31: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 194.203.77.66(3199) -> 24.
223.139.66(1433), 1 packet
18:55:00: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 207.46.106.149(1863) -> 24
.223.139.66(1993), 1 packet
18:55:27: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 10 pa
ckets
18:55:27: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 24.223.139.68(2917) -> 207
.46.248.114(80), 9 packets
18:55:27: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 24.223.139.68(2915) -> 207
.46.196.100(80), 9 packets
18:55:27: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 24.223.139.68(2916) -> 207
.46.196.100(80), 7 packets
18:56:21: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(108) -> 10.2
55.255.255(138), 1 packet
18:56:27: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(137) -> 192.
168.0.10(137), 9 packets
18:56:27: %SEC-6-IPACCESSLOGS: list 1 permitted 10.10.10.60 8 packets
18:56:27: %SEC-6-IPACCESSLOGP: list 100 permitted udp 10.40.64.1(67) -> 255.255.
255.255(68), 9 packets
18:56:29: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 24.223.139.68(2940) -> 207
.46.196.100(80), 1 packet
18:57:27: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 4 pac
kets
18:57:27: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(4240) -> 207
.69.188.185(53), 1 packet
18:57:27: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(107) -> 10.2
55.255.255(137), 2 packets
18:57:27: %SEC-6-IPACCESSLOGS: list 1 permitted 10.10.10.66 4 packets
18:57:27: %SEC-6-IPACCESSLOGP: list 100 permitted udp 207.69.188.185(53) -> 24.2
23.139.66(4240), 1 packet
18:57:27: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(138) -> 10.2
55.255.255(138), 5 packets
18:57:46: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 24.223.139.68(2956) -> 207
.46.196.100(80), 1 packet
18:58:10: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 10 pa
ckets
18:58:10: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 207.46.196.100(80) -> 24.2
23.139.66(2957), 3 packets
18:58:10: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 207.46.248.114(80) -> 24.2
23.139.66(2941), 11 packets
18:58:10: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 207.46.196.100(80) -> 24.2
23.139.66(2956), 2 packets
18:58:10: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 207.46.248.114(80) -> 24.2
23.139.66(2959), 3 packets
18:58:10: %SEC-6-IPACCESSLOGP: list 100 permitted udp 10.40.64.1(67) -> 255.255.
255.255(68), 4 packets
18:58:10: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 207.46.248.114(80) -> 24.2
23.139.66(2958), 3 packets
18:58:14: %SYS-5-CONFIG_I: Configured from console by vty0 (10.10.10.60)
18:58:27: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(108) -> 10.2
55.255.255(138), 1 packet
18:58:35: %SYS-5-CONFIG_I: Configured from console by vty0 (10.10.10.60)
18:58:46: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(1029) -> 207
.69.188.185(53), 1 packet
18:58:50: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 24.223.139.68(22408) -> 21
6.239.41.104(80), 1 packet
18:58:56: %SEC-6-IPACCESSLOGP: list 100 permitted udp 10.40.64.1(67) -> 255.255.
255.255(68), 1 packet
18:59:17: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(137) -> 192.
168.0.10(137), 1 packet
18:59:22: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 24.223.139.68(22410) -> 20
7.33.111.32(80), 1 packet
18:59:24: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 24.223.139.68(22413) -> 65
.61.165.21(80), 1 packet
18:59:26: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 24.223.139.68(22414) -> 20
7.33.111.32(443), 1 packet
18:59:27: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 133 p
ackets
18:59:28: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 207.33.111.35(37212) -> 24
.223.139.66(1080), 1 packet
18:59:30: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 207.46.106.149(1863) -> 24
.223.139.66(1993), 1 packet
18:59:32: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 207.33.111.35(42237) -> 24
.223.139.66(8080), 1 packet
18:59:34: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 207.33.111.35(48385) -> 24
.223.139.66(54321), 1 packet
18:59:39: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(137) -> 192.
168.0.10(137), 1 packet
18:59:40: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 65.61.165.21(80) -> 24.223
.139.66(22412), 1 packet
18:59:44: %SEC-6-IPACCESSLOGS: list 1 permitted 10.10.10.60 1 packet
18:59:58: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 207.33.111.32(80) -> 24.22
3.139.66(22411), 1 packet
19:00:01: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 24.223.139.68(22416) -> 20
7.33.111.32(80), 1 packet
19:00:03: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 24.223.139.68(22407) -> 21
6.239.41.104(80), 1 packet
19:00:05: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(137) -> 10.2
55.255.255(137), 1 packet
19:00:09: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 24.223.139.68(22419) -> 21
6.239.41.104(80), 1 packet
19:00:11: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(1029) -> 207
.69.188.185(53), 1 packet
19:00:13: %SEC-6-IPACCESSLOGP: list 100 permitted udp 10.40.64.1(67) -> 255.255.
255.255(68), 1 packet
19:00:21: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 24.223.139.68(22423) -> 21
6.45.19.33(80), 1 packet
19:00:25: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(138) -> 10.2
55.255.255(138), 1 packet
19:00:27: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 211 p
ackets
19:00:32: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 207.33.111.32(80) -> 24.22
3.139.66(22416), 1 packet
19:01:11: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 24.223.139.68(22419) -> 21
6.239.41.104(80), 1 packet
19:01:17: %SEC-6-IPACCESSLOGP: list 101 permitted udp 24.223.139.68(137) -> 192.
168.0.10(137), 1 packet
19:01:27: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 59 pa
ckets
19:02:23: %SEC-6-IPACCESSLOGS: list 1 permitted 10.10.10.66 1 packet
19:02:27: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 174 p
ackets
19:02:35: %SEC-6-IPACCESSLOGP: list 100 permitted udp 10.40.64.1(67) -> 255.255.
255.255(68), 1 packet
19:02:41: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 24.223.139.68(22427) -> 21
6.45.19.33(80), 1 packet
19:02:42: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 24.223.139.68(22429) -> 21
6.239.41.104(80), 1 packet
router1#
 
Upvote 0 Downvote
OK..guys i got ftp working....actually it has worked all along....i didnt realize i could test from my OUTSIDE interface...which is what i was doing when i had a netgear...well thanks for everyones help!!!!!!!!!!



Kidem
 
Upvote 0 Downvote
great. good luck in the future.

Lui3
CCNP,CCDA,A+/Net+
Cisco Wireless Specialization
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Mogles49
  • Locked
  • Question
Firewall ACL question
Replies
1
Views
278
burtsbees
burtsbees
acabezas2014
  • Locked
  • Question
Create ACL for ip range
Replies
2
Views
264
acabezas2014
acabezas2014
hunt3rxhunt3r
  • Locked
  • Question
ACL to allow address range access to internal address range behind dynamic nat ip
Replies
0
Views
176
hunt3rxhunt3r
hunt3rxhunt3r
checker1965
  • Locked
  • Question
Avaya IP Office LAN1 and LAN2 network connection problems
Replies
2
Views
192
checker1965
checker1965
xdxml12
  • Locked
  • Question
ACL
Replies
3
Views
197
xdxml12
xdxml12

Part and Inventory Search

Sponsor

Back
Top