Hi All,

I have what seems like a trivial problem but can't figure out what's causing it. I am trying to SSH from Host A (210.15.210.x) to Host B (203.12.53.x). Host B is in VLAN2 and there's an ACL on VLAN2 that denies external IPs from accessing it.

What I'm finding is that when I apply the ACL (VLAN2-FILTER-OUT) to VLAN2, it takes a very long time for the SSH login prompt to appear. If I remove the ACL on VLAN2, the SSH prompt is instantaneous. What's going on with my ACL??? Why the lag for the SSH prompt to appear?

interface Vlan2
 ip address 203.12.53.aaa 255.255.255.224
 ip access-group VLAN2-FILTER-OUT out
 no ip redirects
 no ip mroute-cache
 ip ospf priority 15
 load-interval 30
 tag-switching ip
!
ip access-list extended VLAN1-FILTER-OUT
 permit ip host 203.10.110.x host 203.12.53.x
 permit ip host 203.10.110.y host 203.12.53.x
 permit ip host 203.10.110.z host 203.12.53.x
 permit ip 172.16.50.0 0.0.0.255 host 203.12.53.x
 permit ip 172.16.51.0 0.0.0.255 host 203.12.53.x
 permit ip 203.17.103.0 0.0.0.255 host 203.12.53.x
 permit ip 203.17.101.0 0.0.0.255 host 203.12.53.x
 permit ip 210.15.210.0 0.0.0.255 host 203.12.53.x
 permit ip 203.17.96.0 0.0.0.255 host 203.12.53.x
 permit ip 203.17.102.0 0.0.0.255 host 203.12.53.x
 permit ip 172.16.9.0 0.0.0.255 host 203.12.53.x
 deny ip any host 203.12.53.x
 permit ip any any

Interestingly enough, when I "permit ip any" to access Host B as the very first line in the ACL, the SSH prompt is instantaneous.

 permit ip any host 203.12.53.x log

I even tried permitting Host A as the very first line in the ACL like so, but no joy.

 permit ip host 210.15.210.x host 203.12.53.x log

Any ideas???

Thanks.

Andy
_______________________________________________
cisco-nsp mailing list
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
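The following is an added example, not part of the original post: a first-match evaluator for the posted ACL entries, showing which entry decides a packet routed toward Host B with and without the extra "permit Host A" line the poster tried. The redacted octets are filled with constructed sample values, OUTSIDE is a constructed source address, and the example assumes the posted entries are the list actually applied outbound on Vlan2.

```python
from ipaddress import IPv4Address as IP

# Constructed sample values: the post redacts these octets.
HOST_A, HOST_B = "210.15.210.5", "203.12.53.10"
OUTSIDE = "198.51.100.7"  # constructed source outside every permitted range
ACL = f"""
permit ip host 203.10.110.1 host {HOST_B}
permit ip host 203.10.110.2 host {HOST_B}
permit ip host 203.10.110.3 host {HOST_B}
permit ip 172.16.50.0 0.0.0.255 host {HOST_B}
permit ip 172.16.51.0 0.0.0.255 host {HOST_B}
permit ip 203.17.103.0 0.0.0.255 host {HOST_B}
permit ip 203.17.101.0 0.0.0.255 host {HOST_B}
permit ip 210.15.210.0 0.0.0.255 host {HOST_B}
permit ip 203.17.96.0 0.0.0.255 host {HOST_B}
permit ip 203.17.102.0 0.0.0.255 host {HOST_B}
permit ip 172.16.9.0 0.0.0.255 host {HOST_B}
deny ip any host {HOST_B}
permit ip any any
"""

def addr_spec(tok):  # consume 'any', 'host A' or 'A WILDCARD' -> (base, wildcard)
    head = tok.pop(0)
    if head == "any":
        return 0, 0xFFFFFFFF
    if head == "host":
        return int(IP(tok.pop(0))), 0
    return int(IP(head)), int(IP(tok.pop(0)))

def parse(text):
    rules = []
    for line in filter(str.strip, text.splitlines()):  # skip blank lines
        action, _proto, *tok = line.split()
        rules.append((action, addr_spec(tok), addr_spec(tok), line))
    return rules

def evaluate(text, src, dst):
    # First match wins; a wildcard bit of 1 means "ignore this bit".
    for action, s, d, line in parse(text):
        if all(((int(IP(a)) ^ base) & ~wild & 0xFFFFFFFF) == 0
               for a, (base, wild) in ((src, s), (dst, d))):
            return action, line
    return "deny", "implicit deny"

if __name__ == "__main__":
    host_a_first = f"permit ip host {HOST_A} host {HOST_B} log\n" + ACL
    for name, acl in (("as posted", ACL), ("Host A first", host_a_first)):
        for src in (HOST_A, OUTSIDE):
            print(name, src, *evaluate(acl, src, HOST_B))
```

Host A is already permitted by the 210.15.210.0 entry, so inserting an explicit Host A line changes only which entry matches, while a source outside the listed ranges is denied in both variants.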
