Thursday, July 16, 2015

Ticket 5 – R1 ACL

Client is not able to ping the server. No one can ping the server.
Problem: on R1, ACL blocking IP
Configuration on R1
interface Serial0/0/1
 description Link to ISP
 ip address
 ip nat outside
 ip access-group edge_security in
ip access-list extended edge_security
 deny ip any
 deny ip any
 deny ip any
 deny any
 permit ip host any
Answer: add permit ip any command to R1’s ACL
Ans1) R1
Ans2) IPv4 Layer 3 Security
Ans3) Under the ip access-list extended edge-security configuration add the permit ip any command
+ This is the only ticket in which the extended access-list edge_security exists. In other tickets, the access-list 30 is applied to the inbound direction of S0/0/1 of R1.
+ Although host is permitted to go through the access-list (permit ip host any), R1 cannot ping the web server because R1 cannot establish a BGP session with neighbor
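
Why the permitted host still fails, shown as an added example (not part of the original post): an inbound ACL is evaluated first-match and ends in an implicit deny, so packets from the BGP neighbor are dropped until a permit for the ISP link is added. All addresses, the deny ranges and the helper names below are constructed for illustration, because the ticket's real values are not shown on this page.

```python
import ipaddress

def parse_ace(line):
    """Parse 'permit|deny ip <src> any'; <src> is 'any', 'host A' or 'A WILDCARD'."""
    tok = line.split()
    action, proto, src = tok[0], tok[1], tok[2:-1]
    if action not in ("permit", "deny") or proto != "ip" or tok[-1] != "any":
        raise ValueError(f"unsupported ACE: {line!r}")
    if src == ["any"]:
        return action, ipaddress.ip_network("0.0.0.0/0")
    if len(src) == 2 and src[0] == "host":
        return action, ipaddress.ip_network(src[1] + "/32")
    if len(src) == 2:
        # ipaddress accepts an IOS-style wildcard (host mask) after the slash
        return action, ipaddress.ip_network(f"{src[0]}/{src[1]}")
    raise ValueError(f"unsupported source in ACE: {line!r}")

def evaluate(acl_lines, src_ip):
    """Return (action, matching line) for a packet sourced from src_ip."""
    src = ipaddress.ip_address(src_ip)
    for line in acl_lines:
        action, net = parse_ace(line)
        if src in net:          # first match wins, later entries are ignored
            return action, line
    return "deny", "implicit deny"   # nothing matched: IOS drops the packet

# Constructed stand-in for edge_security (documentation and private ranges)
EDGE_SECURITY = [
    "deny ip 10.0.0.0 0.255.255.255 any",
    "deny ip 172.16.0.0 0.15.255.255 any",
    "deny ip 192.168.0.0 0.0.255.255 any",
    "deny ip 127.0.0.0 0.255.255.255 any",
    "permit ip host 203.0.113.10 any",
]
BGP_NEIGHBOR = "192.0.2.2"                 # constructed ISP-side address of the link
FIX = "permit ip 192.0.2.0 0.0.0.3 any"    # constructed permit for the ISP link subnet

if __name__ == "__main__":
    for name, acl in (("before", EDGE_SECURITY), ("after", EDGE_SECURITY + [FIX])):
        for src in ("203.0.113.10", BGP_NEIGHBOR, "10.1.1.1"):
            action, why = evaluate(acl, src)
            print(f"{name:6} src={src:13} -> {action:6} ({why})")
```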


