Team,
After configuring security on R7, I can no longer ping R8 interface Lo1
(200.0.0.8) from anywhere in the network.
The relevant ACL config is as follows:
R7#
# ip access-list extended IPEXPERT
deny tcp 192.168.80.0 0.0.0.31 any eq www log
........... truncated ..........................
permit tcp 192.168.80.0 0.0.0.31 192.168.100.0 0.0.0.255 eq ftp
permit tcp 192.168.80.0 0.0.0.31 eq ftp 192.168.100.0 0.0.0.255
permit tcp 192.168.80.0 0.0.0.31 192.168.100.0 0.0.0.255 eq ftp-data
permit tcp 192.168.80.0 0.0.0.31 eq ftp-data 192.168.100.0 0.0.0.255
permit icmp host 192.168.11.6 any
permit tcp host 200.0.0.8 host 200.0.0.5 eq bgp
permit tcp host 200.0.0.8 eq bgp host 200.0.0.5
permit eigrp host 192.168.11.6 any
deny ip any any
Questions:
1- The EIGRP traffic has been properly addressed/permitted, consequently I do
not see why R7 or any other router cannot ping 200.0.0.8. The route to
200.0.0.8 shows up in the R7 routing table though.... Also this is the solution
shown in the PG.
2- The source address of www and ftp is the Ethernet segment of R8. Why is that so?
The question just asks to permit www and ftp from anywhere, so I would put
"any". The PG specifies the R8 Ethernet segment as the source...
Thanks
Bauke