Cisco 2811 ACL problem!

Discussion in 'Hardware' started by rinoel, Jul 26, 2009.

  1. rinoel

    rinoel

    Joined:
    Jul 16, 2009
    Messages:
    5
    Hi there, I have a problem configuring an ACL the right way to block incoming pings from another LAN to a specific PC on my LAN.

    I have a 2811 router. I have successfully blocked the pings coming from outside, but it blocks pings to all PCs on my LAN. I need it to apply to the incoming pings for only one (specific) PC. How can I achieve that?
    rinoel, Jul 26, 2009
    #1

  2. rinoel

    adeelasher

    Joined:
    Jun 29, 2009
    Messages:
    19
    First permit ICMP to that specific IP address,
    then deny all ICMP,
    and then permit ip any any.
    If you need further details, please let me know...
    adeelasher, Jul 26, 2009
    #2

  3. rinoel

    rinoel

    Joined:
    Jul 16, 2009
    Messages:
    5
    This is my current config:

    My internal interface 192.168.1.254 has three PCs:
    - 192.168.1.1
    - 192.168.1.2 and
    - 192.168.1.3

    The external interface is 192.168.100.254...

    I have done what adeelasher said, but it again blocks all three PCs from pinging from outside...

    Can you explain to me in detail how to achieve that? I have tried a lot of things but can't manage to block the pings to only one PC; instead it blocks all of them from pinging.
    rinoel, Jul 26, 2009
    #3
  4. rinoel

    adeelasher

    Joined:
    Jun 29, 2009
    Messages:
    19
    Where are you applying that access list? I mean, which interface and what direction...
    adeelasher, Jul 27, 2009
    #4
  5. rinoel

    adeelasher

    Joined:
    Jun 29, 2009
    Messages:
    19
    Below is a sample config for you. I hope it will be helpful... just let me know if there is any issue. I guess the problem is which direction you are applying that ACL.

    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname R0
    !
    boot-start-marker
    boot-end-marker
    !
    !
    !
    !
    ! inside
    interface FastEthernet0/0
    ip address 192.168.1.254 255.255.255.0
    duplex auto
    speed auto
    !
    ! outside
    interface FastEthernet1/0
    ip address 192.168.100.254 255.255.255.0
    ip access-group 101 in
    duplex auto
    speed auto
    !
    ip http server
    no ip http secure-server
    !
    !
    !
    ! allow ICMP from outside to a single IP address
    access-list 101 permit icmp any host 192.168.1.2
    ! deny all other ICMP from outside to inside
    access-list 101 deny icmp any any
    ! allow all other traffic
    access-list 101 permit ip any any
    !
    !
    !
    control-plane
    !
    adeelasher, Jul 27, 2009
    #5
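
Added example (not part of the thread or any poster's code): a small Python model of first-match ACL evaluation, run over ACL 101 from the post above and over a constructed variant that denies ICMP to 192.168.1.2 only. The outside source 192.168.100.10, ACL 102 and the function names are assumptions for illustration; only the `any` and `host` address forms are handled.

```python
import ipaddress

def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC DST' (SRC/DST: 'any' or 'host A.B.C.D')."""
    tok = line.split()
    action, proto, rest = tok[2], tok[3], tok[4:]

    def take(words):
        if words[0] == "any":
            return ipaddress.ip_network("0.0.0.0/0"), words[1:]
        if words[0] == "host":
            return ipaddress.ip_network(words[1] + "/32"), words[2:]
        raise ValueError("unsupported address form: " + words[0])

    src, rest = take(rest)
    dst, rest = take(rest)
    return action, proto, src, dst

def evaluate(acl_lines, proto, src, dst):
    """Return 'permit' or 'deny' for one packet: the first matching entry wins."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl_lines:
        action, p, src_net, dst_net = parse_ace(line)
        if p in ("ip", proto) and s in src_net and d in dst_net:
            return action
    return "deny"  # implicit deny that ends every IOS access list

# ACL 101 exactly as posted in the thread
ACL_FROM_THREAD = [
    "access-list 101 permit icmp any host 192.168.1.2",
    "access-list 101 deny icmp any any",
    "access-list 101 permit ip any any",
]
# Constructed variant (assumption): deny ICMP to one host, permit everything else
ACL_BLOCK_ONE_HOST = [
    "access-list 102 deny icmp any host 192.168.1.2",
    "access-list 102 permit ip any any",
]

INSIDE_PCS = ["192.168.1.1", "192.168.1.2", "192.168.1.3"]  # from the thread
OUTSIDE_SRC = "192.168.100.10"  # constructed host on the outside network

def ping_results(acl_lines):
    """Map each inside PC to the ACL verdict for ICMP arriving from outside."""
    return {pc: evaluate(acl_lines, "icmp", OUTSIDE_SRC, pc) for pc in INSIDE_PCS}

if __name__ == "__main__":
    print("ACL 101:", ping_results(ACL_FROM_THREAD))
    print("ACL 102:", ping_results(ACL_BLOCK_ONE_HOST))
```

ICMP message types are not modelled: on the router, `deny icmp any any` applied inbound on the outside interface also drops echo replies returning to inside hosts that ping outward.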
  6. rinoel

    rinoel

    Joined:
    Jul 16, 2009
    Messages:
    5
    Hi adeelasher, can I please have your MSN address or other contact address?
    rinoel, Jul 27, 2009
    #6
  7. rinoel

    rinoel

    Joined:
    Jul 16, 2009
    Messages:
    5
    I got it working, everything's fine right now, thanks a lot, man... ;)
    rinoel, Jul 28, 2009
    #7
  8. rinoel

    adeelasher

    Joined:
    Jun 29, 2009
    Messages:
    19
    Yes, it's ccie1 @ live . com
    adeelasher, Aug 24, 2009
    #8
