argh!!! more acl issues

Discussion in 'Cisco' started by David Hodgson, Aug 16, 2004.

  1. Hi folks,

    I have..

    Interface e2/2
    ip access-group 100 out

    access-list 100 permit tcp host 1.1.1.1 host 2.2.2.2 eq 22

    this allows only traffic inward from 1.1.1.1 to 2.2.2.2 using ssh, but
    2.2.2.2 cannot see outward now, it is directly connected to the web and it
    can't see anything on any port.

    I tried to add the following commands ( keeping the original commands)

    interface e2/2
    ip access-group 101 in

    access-list 101 permit ip any any

    didn't work

    am I doing this right?

    thanks
    Dave
     
    David Hodgson, Aug 16, 2004
    #1

  2. David Hodgson

    Doan Guest

    On Mon, 16 Aug 2004, David Hodgson wrote:

    > Hi folks,
    >
    > I have..
    >
    > Interface e2/2
    > ip access-group 100 out
    >
    > access-list 100 permit tcp host 1.1.1.1 host 2.2.2.2 eq 22
    >
    > this allows only traffic inward from 1.1.1.1 to 2.2.2.2 using ssh, but
    > 2.2.2.2 cannot see outward now, it is directly connected to the web and it
    > can't see anything on any port.
    >
    > I tried to add the following commands ( keeping the original commands)
    >
    > interface e2/2
    > ip access-group 101 in
    >
    > access-list 101 permit ip any any
    >
    > didn't work
    >
    > am I doing this right?
    >
    > thanks
    > Dave
    >

    You forgot the implicit deny all at the end of every acl. You have to
    change your ACL 100.

    Doan
     
    Doan, Aug 16, 2004
    #2

  3. don't forget there is an implicit deny all unless you put permit any any in
    there


    "David Hodgson" <> wrote in message
    news:cfqksj$60l$1$...
    > Hi folks,
    >
    > I have..
    >
    > Interface e2/2
    > ip access-group 100 out
    >
    > access-list 100 permit tcp host 1.1.1.1 host 2.2.2.2 eq 22
    >
    > this allows only traffic inward from 1.1.1.1 to 2.2.2.2 using ssh, but
    > 2.2.2.2 cannot see outward now, it is directly connected to the web and it
    > can't see anything on any port.
    >
    > I tried to add the following commands ( keeping the original commands)
    >
    > interface e2/2
    > ip access-group 101 in
    >
    > access-list 101 permit ip any any
    >
    > didn't work
    >
    > am I doing this right?
    >
    > thanks
    > Dave
    >
    >
     
    slipstream_242, Aug 16, 2004
    #3
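
Added example, not part of any post in this thread: a small first-match ACL evaluator that replays the thread's ACL 100 and ACL 101 and shows the implicit deny dropping reply traffic headed out e2/2 toward 2.2.2.2. The web server 3.3.3.3, the port numbers other than 22, the assumption that e2/2 is the interface facing 2.2.2.2, and the `established` entry as one possible change to ACL 100 are all assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    dport: int
    ack: bool = False          # ACK or RST set: reply within an existing TCP session

@dataclass
class Rule:
    action: str                # "permit" or "deny"
    proto: str                 # "ip" matches every protocol
    src: str                   # "any" or a host address
    dst: str
    dport: Optional[int] = None
    established: bool = False  # models the IOS "established" keyword (TCP ACK/RST)

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("ip", p.proto)
                and self.src in ("any", p.src)
                and self.dst in ("any", p.dst)
                and (self.dport is None or self.dport == p.dport)
                and (not self.established or (p.proto == "tcp" and p.ack)))

def evaluate(acl, pkt):
    """First matching entry wins; no match falls through to the implicit deny."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"

# The two ACLs from the original post.
ACL_100 = [Rule("permit", "tcp", "1.1.1.1", "2.2.2.2", 22)]   # applied "out" on e2/2
ACL_101 = [Rule("permit", "ip", "any", "any")]                # applied "in" on e2/2
# Assumed change: also let replies to sessions opened by 2.2.2.2 back through.
ACL_100_CHANGED = ACL_100 + [Rule("permit", "tcp", "any", "2.2.2.2", established=True)]

# Constructed sample packets.
ssh_in      = Packet("tcp", "1.1.1.1", "2.2.2.2", 22)
web_request = Packet("tcp", "2.2.2.2", "3.3.3.3", 80)               # enters e2/2, hits ACL 101
web_reply   = Packet("tcp", "3.3.3.3", "2.2.2.2", 49152, ack=True)  # leaves e2/2, hits ACL 100
telnet_syn  = Packet("tcp", "3.3.3.3", "2.2.2.2", 23)               # unsolicited, no ACK

if __name__ == "__main__":
    print("ACL 101 in,  web request:", evaluate(ACL_101, web_request))
    print("ACL 100 out, web reply  :", evaluate(ACL_100, web_reply))
    print("changed 100, web reply  :", evaluate(ACL_100_CHANGED, web_reply))
    print("changed 100, telnet SYN :", evaluate(ACL_100_CHANGED, telnet_syn))
```

The request already passed inbound before ACL 101 was added, which is why adding it changed nothing; the reply is what ACL 100 drops. The `established` entry only covers TCP, so UDP replies such as DNS would still hit the implicit deny.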