argh!!! more acl issues

 
 
David Hodgson
      08-16-2004
Hi folks,

I have..

Interface e2/2
ip access-group 100 out

access-list 100 permit tcp host 1.1.1.1 host 2.2.2.2 eq 22

this allows only traffic inward from 1.1.1.1 to 2.2.2.2 using ssh, but
2.2.2.2 cannot see outward now, it is directly connected to the web and it
can't see anything on any port.

I tried to add the following commands ( keeping the original commands)

interface e2/2
ip access-group 101 in

access-list 101 permit ip any any

didn't work

am I doing this right?

thanks
Dave


 
Doan
      08-16-2004
On Mon, 16 Aug 2004, David Hodgson wrote:

> Hi folks,
>
> I have..
>
> Interface e2/2
> ip access-group 100 out
>
> access-list 100 permit tcp host 1.1.1.1 host 2.2.2.2 eq 22
>
> this allows only traffic inward from 1.1.1.1 to 2.2.2.2 using ssh, but
> 2.2.2.2 cannot see outward now, it is directly connected to the web and it
> can't see anything on any port.
>
> I tried to add the following commands ( keeping the original commands)
>
> interface e2/2
> ip access-group 101 in
>
> access-list 101 permit ip any any
>
> didn't work
>
> am I doing this right?
>
> thanks
> Dave
>

You forgot the implicit deny all at the end of every acl. You have to
change your ACL 100.

Doan


 
slipstream_242
      08-16-2004
Don't forget there is an implicit deny all unless you put permit any any in
there.


"David Hodgson" <(E-Mail Removed)> wrote in message
news:cfqksj$60l$1$(E-Mail Removed)...
> Hi folks,
>
> I have..
>
> Interface e2/2
> ip access-group 100 out
>
> access-list 100 permit tcp host 1.1.1.1 host 2.2.2.2 eq 22
>
> this allows only traffic inward from 1.1.1.1 to 2.2.2.2 using ssh, but
> 2.2.2.2 cannot see outward now, it is directly connected to the web and it
> can't see anything on any port.
>
> I tried to add the following commands ( keeping the original commands)
>
> interface e2/2
> ip access-group 101 in
>
> access-list 101 permit ip any any
>
> didn't work
>
> am I doing this right?
>
> thanks
> Dave
>
>
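
Added example (not part of any post in this thread): a small Python model of first-match ACL evaluation with the implicit deny, run against the thread's access-list 100 as applied `out` on e2/2. It assumes e2/2 faces 2.2.2.2; the remote addresses, the sample packets and the extra `established` entry are constructed for illustration and do not come from the thread.

```python
from ipaddress import ip_address, ip_network

# Entry: (action, proto, src, dst, dst_port or None, established_only)
ACL_100 = [("permit", "tcp", "1.1.1.1/32", "2.2.2.2/32", 22, False)]  # from the thread
# Assumed change (not from the thread): admit TCP replies via the 'established' keyword.
ACL_100_FIXED = ACL_100 + [("permit", "tcp", "0.0.0.0/0", "2.2.2.2/32", None, True)]

# Constructed packets leaving e2/2 toward 2.2.2.2, the direction ACL 100 filters.
PACKETS = {
    "ssh_from_1.1.1.1": dict(proto="tcp", src="1.1.1.1", dst="2.2.2.2",
                             dport=22, flags={"SYN"}),
    "http_reply": dict(proto="tcp", src="198.51.100.10", dst="2.2.2.2",
                       dport=40000, flags={"SYN", "ACK"}),
    "unsolicited_syn": dict(proto="tcp", src="198.51.100.10", dst="2.2.2.2",
                            dport=80, flags={"SYN"}),
    "dns_reply": dict(proto="udp", src="198.51.100.53", dst="2.2.2.2",
                      dport=40001, flags=set()),
}

def evaluate(acl, pkt):
    """First matching entry wins; no match falls through to the implicit deny."""
    for n, (action, proto, src, dst, dport, est) in enumerate(acl, 1):
        if proto not in ("ip", pkt["proto"]):
            continue
        if ip_address(pkt["src"]) not in ip_network(src):
            continue
        if ip_address(pkt["dst"]) not in ip_network(dst):
            continue
        if dport is not None and pkt["dport"] != dport:
            continue
        # 'established' matches only TCP segments with ACK or RST set.
        if est and not (pkt["proto"] == "tcp" and pkt["flags"] & {"ACK", "RST"}):
            continue
        return action, f"entry {n}"
    return "deny", "implicit deny"

def verdicts(acl):
    """Action taken for each constructed packet under the given ACL."""
    return {name: evaluate(acl, pkt)[0] for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, acl in (("ACL 100 as posted", ACL_100),
                       ("with established entry", ACL_100_FIXED)):
        print(label)
        for name, pkt in PACKETS.items():
            print(f"  {name:18} -> {evaluate(acl, pkt)}")
```

Under ACL 100 as posted, replies to connections opened by 2.2.2.2 reach the implicit deny, and adding ACL 101 `in` does not change that because replies are filtered by the `out` list. The `established` entry covers TCP replies only; the UDP DNS reply is still denied and would need its own entry.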



 