From: Luca Hall (lhall@setnine.com)
Date: Tue Sep 09 2008 - 16:45:18 ART
you should either remove acl 101's third line or change it
to deny. that error means that the dynamic acl has already
added the 'permit ip any any' so it wont add it again.
just fix your acl 101 and clear the dynamic entry and it
will go away.
----- Original Message -----
From: Mohamed Tandou <dtandou@gmail.com>
To: ccielab@groupstudy.com
Sent: Tue, 9 Sep 2008 15:38:36 -0400 (EDT)
Subject: Lock and Key
Hello GS,
i am trying to test Lock and Key and it is not working
I have 3 routers on the same Lan. R4, R5 and R1.
R4 and R6 are using frame-relay
I configured Lock and Key on R4 when i telnet from R6 i am getting the
following errors message below. Any comment ?
Mohamed
R4
username DYNACL password 0 CISCO
username DYNACL autocommand access-enable host timeout 5
interface FastEthernet0
ip address 192.168.25.6 255.255.255.0
ip access-group 101 in
speed auto
access-list 101 permit tcp any any eq telnet
access-list 101 dynamic ACCESS timeout 10 permit ip any any
access-list 101 permit ip any any
line vty 0 4
exec-timeout 30 0
login local
R5#telnet 192.168.25.6
Trying 192.168.25.6 ... Open
User Access Verification
Username: DYNACL
Password:
% List#101-MYCISCO already contains this IP address pair
[Connection to 11.11.25.6 closed by foreign host]
R5#
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Sat Oct 04 2008 - 09:26:17 ART