Hi intekhab,
I'm also new to this field.
1. access-list 121 deny ip X.X.X.0 0.0.0.192 any log
2. access-list 121 permit tcp any host X.X.X.X eq 25 log
3. access-list 121 permit tcp any host X.X.X.X eq 53 log
4. access-list 121 permit udp any host X.X.X.X eq 53 log
5. access-list 121 permit icmp any any log
6. access-list 121 permit tcp any any log
7. access-list 121 deny ip any any log
As far as my understanding goes, when you block IP you can't ping, so try
"access-list 121 permit ip any any log".
In your rule 1 you deny IP access to a specific host or subnet, but in rule 7 you
deny IP to all, so I think there is no point putting in rule 1. The same goes for rules 2, 3 and
4, because you permit TCP to all in rule 6. I think you shouldn't permit tcp
any any; only allow what you want. Someone can correct me if I am wrong.
Thanks
Palitha
MCP CCNA
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: Saturday, 19 August 2000 21:01
To: [EMAIL PROTECTED]
Subject: Access-Lists
Hi there,
I am new to this list. Thanks to all the people who have posted their
views here and are helping others like me to learn and implement. I have
configured my 2600 by reading all the articles posted here. Now I have a
problem with the access-list. Here is my access-list:
access-list 121 deny ip X.X.X.0 0.0.0.192 any log
access-list 121 permit tcp any host X.X.X.X eq 25 log
access-list 121 permit tcp any host X.X.X.X eq 53 log
access-list 121 permit udp any host X.X.X.X eq 53 log
access-list 121 permit icmp any any log
access-list 121 permit tcp any any log
access-list 121 deny ip any any log
The task is simple: block all unwanted traffic from the INTERNET and allow
the one I want to. It doesn't work; I mean I can't ping anything outside, and I
can't make any HTTP requests. The only thing that works is the SMTP part for
the mail server host. Please can anyone tell me where I am wrong?
Thanks in advance.
- Intekhab
Network Engineer
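
How first-match evaluation and the wildcard mask on the first entry play out for the access-list 121 quoted in this thread, as an added example that is not from either poster. It is a simplified model of extended ACL matching (protocol, source, destination, destination port), assumes the list is applied inbound on the Internet-facing interface, and uses constructed documentation addresses (192.0.2.x, 198.51.100.x) in place of the masked X.X.X.X values.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wild_match(addr, base, wildcard):
    # Cisco wildcard mask: 1-bits are "don't care", 0-bits must equal the base.
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

ANY = ("0.0.0.0", "255.255.255.255")

def host(a):
    return (a, "0.0.0.0")

INSIDE_NET = "192.0.2.0"   # constructed stand-in for X.X.X.0
SERVER = "192.0.2.10"      # constructed stand-in for "host X.X.X.X"

# (action, protocol, source, destination, destination port), entries 1..7
ACL_121 = [
    ("deny",   "ip",   (INSIDE_NET, "0.0.0.192"), ANY, None),
    ("permit", "tcp",  ANY, host(SERVER), 25),
    ("permit", "tcp",  ANY, host(SERVER), 53),
    ("permit", "udp",  ANY, host(SERVER), 53),
    ("permit", "icmp", ANY, ANY, None),
    ("permit", "tcp",  ANY, ANY, None),
    ("deny",   "ip",   ANY, ANY, None),
]

def evaluate(acl, proto, src, dst, dst_port=None):
    """Return (entry number, action) of the first entry the packet matches."""
    for n, (action, p, s, d, port) in enumerate(acl, 1):
        if p != "ip" and p != proto:
            continue
        if not wild_match(src, *s) or not wild_match(dst, *d):
            continue
        if port is not None and port != dst_port:
            continue
        return n, action
    return None, "deny"  # implicit deny that ends every IOS access list

def wildcard_hosts(base, wildcard, prefix="192.0.2."):
    """Last octets within the /24 that a base/wildcard source pattern covers."""
    return [h for h in range(256) if wild_match(f"{prefix}{h}", base, wildcard)]
```

Under these assumptions the mask 0.0.0.192 covers only four source addresses rather than a subnet, and a UDP DNS reply addressed to an inside client's high port falls through to entry 7.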
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]