You can do that with
access-list 101 permit tcp any any
Hth,
Ole
~~~~~~~~~~~~~~~~~~~~~~~~~~
Ole Drews Jensen
Systems Network Manager
CCNA, MCSE, MCP+I
RWR Enterprises, Inc.
[EMAIL PROTECTED]
~~~~~~~~~~~~~~~~~~~~~~~~~~
-----Original Message-----
From: Yee, Jason [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 24, 2000 8:46 PM
To: 'Ole Drews Jensen'
Subject: RE: can't ping ??Please help??
thanks once again, my question is instead of just allowing icmp packets, I
would want to allow tcp packets of any kind say http, trace, ping etc. by
using keyword established
Jason
-----Original Message-----
From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 25, 2000 9:43 AM
To: Yee, Jason
Subject: RE: can't ping ??Please help??
I am not sure I understand you question, but from a trouble-shooting point,
I would first disable the access-lists, and if that fixes the problem you
can modify the list until it works.
If it does not fix the problem, you know that the access-lists are not
causing the problem, and you would not need to modify them, but could start
looking elsewhere.
If you want to specify that you want to allow icmp access, you can type this
command as the first line (or at least before any line that denies traffic
that includes icmp) in both your incoming and outgoing access-lists for
interface serial 1 (110 and 120):
access-list 101 permit icmp any any echo echo-reply
Hth,
Ole
~~~~~~~~~~~~~~~~~~~~~~~~~~
Ole Drews Jensen
Systems Network Manager
CCNA, MCSE, MCP+I
RWR Enterprises, Inc.
[EMAIL PROTECTED]
~~~~~~~~~~~~~~~~~~~~~~~~~~
-----Original Message-----
From: Yee, Jason [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 24, 2000 8:34 PM
To: 'Ole Drews Jensen'
Subject: RE: can't ping ??Please help??
thanks for your prompt reply I appreciate it very much ok I will try that
out
Anyway just curious, can't I use the keyword established to establish icmp
both ways?
Jason
-----Original Message-----
From: Ole Drews Jensen [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 25, 2000 9:31 AM
To: Yee, Jason; '[EMAIL PROTECTED]'
Subject: RE: can't ping ??Please help??
Try to disable your access lists (110 and 120) on s1 and see if that helps.
Ping needs icmp access both ways.
Ole
~~~~~~~~~~~~~~~~~~~~~~~~~~
Ole Drews Jensen
Systems Network Manager
CCNA, MCSE, MCP+I
RWR Enterprises, Inc.
[EMAIL PROTECTED]
~~~~~~~~~~~~~~~~~~~~~~~~~~
-----Original Message-----
From: Yee, Jason [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 24, 2000 7:59 PM
To: '[EMAIL PROTECTED]'
Subject: can't ping ??Please help??
hi group buddies
Can you please help in this : thanks
ping result, execute from router itself:
router1#p 202.161.128.30
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.161.128.30, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
traceroute result to 202.161.128.30 from Yahoo.com:
FROM net.yahoo.com TO 202.161.128.30.
traceroute to 202.161.128.30 (202.161.128.30), 30 hops max, 40 byte packets
1 e-1.4700m-1.3400.yahoo.com (206.132.105.1) 0.990 ms 1.636 ms 1.070 ms
2 gw3-rtr (206.251.17.3) 2.380 ms 2.086 ms 1.161 ms
3 hssi1-0.gw4.sce.yahoo.com (216.115.100.249) 3.887 ms 2.424 ms 1.942
ms
4 peer-geo11.sce.yahoo.com (216.34.143.65) 1.954 ms 2.120 ms 1.763 ms
5 216.34.142.149 (216.34.142.149) 2.060 ms 1.810 ms 2.483 ms
6 dcr04-g2-0.sntc01.exodus.net (216.33.146.25) 2.335 ms 2.045 ms 2.298
ms
7 * * *
8 exodus-gw.sffca.ip.att.net (192.205.32.105) 6.426 ms 8.896 ms 6.720
ms
9 gbr2-p11.sffca.ip.att.net (12.123.12.242) 8.727 ms 7.433 ms 8.707 ms
10 gar1-p370.sffca.ip.att.net (12.123.13.61) 5.895 ms 6.899 ms 7.601 ms
11 12.123.195.17 (12.123.195.17) 248.321 ms 277.026 ms 243.271 ms
12 12.125.92.38 (12.125.92.38) 261.956 ms 266.575 ms *
13 202.161.130.21 (202.161.130.21) 206.170 ms 199.312 ms 248.880 ms
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
traceroute result to 202.180.8.100 from Yahoo.com:
FROM net.yahoo.com TO 202.180.8.100.
traceroute to 202.180.8.100 (202.180.8.100), 30 hops max, 40 byte packets
1 e-1.4700m-1.3400.yahoo.com (206.132.105.1) 1.124 ms 0.766 ms 0.745 ms
2 gw3-rtr (206.251.17.3) 2.329 ms 1.957 ms 1.109 ms
3 hssi1-0.gw4.sce.yahoo.com (216.115.100.249) 3.207 ms 1.878 ms 2.087
ms
4 peer-geo11.sce.yahoo.com (216.34.143.65) 1.700 ms 1.629 ms 1.636 ms
5 216.34.142.149 (216.34.142.149) 12.076 ms 1.880 ms 1.859 ms
6 dcr03-g2-0.sntc01.exodus.net (216.33.146.17) 1.767 ms 1.589 ms 1.760
ms
7 * * *
8 exodus-gw.sffca.ip.att.net (192.205.32.105) 6.270 ms 8.423 ms 8.113
ms
9 gbr2-p11.sffca.ip.att.net (12.123.12.242) 6.085 ms 8.080 ms 9.306 ms
10 gar1-p370.sffca.ip.att.net (12.123.13.61) 5.795 ms 6.917 ms 6.938 ms
11 12.123.195.17 (12.123.195.17) 223.784 ms 229.253 ms 224.913 ms
12 * 12.125.92.38 (12.125.92.38) 188.236 ms 195.586 ms
13 202.161.130.21 (202.161.130.21) 172.644 ms 177.564 ms 180.644 ms
14 * * *
15 masterdon.access.net.id (202.180.0.2) 567.652 ms 640.227 ms 2370.923
ms
16 pteredon100.access.net.id (202.180.8.100) 980.552 ms 1990.342 ms
2325.658 ms
router1#s log
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
Console logging: disabled
Monitor logging: level debugging, 0 messages logged
Trap logging: level informational, 69 message lines logged
router1#s conf
Using 2378 out of 32762 bytes
!
version 11.0
service nagle
service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname router1
!
enable secret 5 $1$golO$lfaocwB9l64SyG4Vqm2.T.
enable password 7 071C24404B0D0B0C
!
!
interface Ethernet0
ip address 202.180.0.4 255.255.255.0
!
interface Serial0
ip address 202.161.128.30 255.255.255.252
encapsulation frame-relay IETF
shutdown
frame-relay interface-dlci 189
frame-relay lmi-type ansi
!
interface Serial1
ip address 202.161.128.30 255.255.255.252
ip access-group 110 in
ip access-group 120 out
encapsulation frame-relay IETF
frame-relay interface-dlci 189
frame-relay lmi-type ansi
!
router bgp 7587
network 202.180.8.0 mask 255.255.248.0
network 202.180.2.0 mask 255.255.252.0
neighbor 202.161.128.29 remote-as 11919
!
ip domain-name access.net.id
ip name-server 202.180.0.13
ip route 0.0.0.0 0.0.0.0 202.180.0.1
ip route 202.180.2.0 255.255.255.0 202.180.0.1
ip route 202.180.3.0 255.255.255.0 202.180.0.1
ip route 202.180.8.0 255.255.248.0 Null0
ip route 202.180.8.72 255.255.255.248 202.180.0.3
ip route 202.180.8.96 255.255.255.224 202.180.0.2
ip route 202.180.8.128 255.255.255.224 202.180.0.3
ip route 202.180.10.16 255.255.255.240 202.180.0.3
ip route 202.180.10.32 255.255.255.240 202.180.0.1
ip route 202.180.10.48 255.255.255.240 202.180.0.3
ip route 202.180.10.80 255.255.255.240 202.180.0.3
ip route 202.180.10.128 255.255.255.224 202.180.0.1
ip route 202.180.10.192 255.255.255.224 202.180.0.1
ip route 202.180.10.224 255.255.255.240 202.180.0.1
ip route 202.180.11.16 255.255.255.240 202.180.0.1
ip route 202.180.12.192 255.255.255.192 202.180.0.10
ip route 202.180.13.0 255.255.255.0 202.180.0.9
ip route 202.180.14.0 255.255.255.0 202.180.0.6
no logging console
access-list 110 deny ip 202.180.0.0 0.0.31.255 any
access-list 110 permit ip any 202.180.0.0 0.0.31.255
access-list 110 permit ip any host 202.161.128.30
access-list 110 deny ip any any
access-list 120 permit ip 202.180.0.0 0.0.31.255 any
access-list 120 permit ip host 202.161.128.30 any
access-list 120 deny ip any any
access-list 131 permit ip any 202.180.14.0 0.0.0.255
snmp-server community gen0800 RO
!
line con 0
transport input none
line aux 0
transport input none
line vty 0 4
password 7 111A1C0912161905
login
!
end
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
