Hi All,

Scenario:
A DSL router (857) connecting to the ISP with a dialer interface and connecting to the local area network with VLAN 1.

Requirement:
The customer wants to stop browsing for some computers, from 192.168.2.128 to 192.168.2.191, and allow any other traffic.
The remaining IPs are allowed all traffic. So I put this configuration on the customer's router:

    access-list 102 deny tcp 192.168.2.128 0.0.0.63 any eq www
    access-list 102 permit ip any any
    ip nat inside source list 102 interface Dialer1 overload
    !
    interface Vlan1
     ip address 192.168.2.1 255.255.255.0
     ip nat inside
    !
    interface Dialer1
     ip address negotiated
     ip nat outside

After this everything worked fine: there was no browsing for a few users, as the customer wanted, and they could access everything else (FTP, Telnet, etc.).
And all other customers can use everything, including browsing.
But here a problem came from outside: I cannot telnet to the customer router, but I can ping it. If you see my config, I didn't block port 23 for inside nor for outside, and my access-list only affects inside traffic, but from outside I am not able to telnet, and strangely, from inside I can telnet.
So the question is: why is my telnet from outside blocked?
I solved this problem. I just removed

    no access-list 102 deny tcp 192.168.2.128 0.0.0.63 any eq www
    no access-list 102 permit ip any any

and replaced them with

    access-list 102 deny tcp 192.168.2.128 0.0.0.63 any eq www
    access-list 102 permit ip 192.168.2.0 0.0.0.255 any

and telnet from outside is also working. So why was it blocked, and why does it work after removing permit any any?

Thanks.
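
An added example, not part of the original post: a small first-match evaluator for the two versions of access-list 102 above, showing which source addresses each version selects for translation when used in `ip nat inside source list 102`. The address 203.0.113.10 (standing in for a non-LAN source such as the router's own negotiated address) and the port numbers other than 80 are constructed sample values.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")

# (action, protocol, (source base, source wildcard), destination port or None)
# Destination is "any" in every entry on the page, so it is not modelled.
ACL_ORIGINAL = [
    ("deny", "tcp", ("192.168.2.128", "0.0.0.63"), 80),   # eq www
    ("permit", "ip", ANY, None),
]
ACL_REVISED = [
    ("deny", "tcp", ("192.168.2.128", "0.0.0.63"), 80),
    ("permit", "ip", ("192.168.2.0", "0.0.0.255"), None),
]

def ip(addr):
    return int(ipaddress.IPv4Address(addr))

def wild_match(addr, base, wildcard):
    """Wildcard mask match: bits set in the wildcard are 'don't care'."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

def evaluate(acl, proto, src, dport=None):
    """First matching entry wins; no match falls to the implicit deny."""
    for action, a_proto, (base, wildcard), a_port in acl:
        if a_proto not in ("ip", proto):
            continue
        if not wild_match(src, base, wildcard):
            continue
        if a_port is not None and a_port != dport:
            continue
        return action
    return "deny"

def nat_selected(acl, proto, src, dport=None):
    """In a NAT source list, 'permit' means: eligible for translation."""
    return evaluate(acl, proto, src, dport) == "permit"

if __name__ == "__main__":
    samples = [                                  # constructed sample packets
        ("tcp", "192.168.2.150", 80),            # restricted host, web
        ("tcp", "192.168.2.150", 21),            # restricted host, FTP
        ("tcp", "192.168.2.10", 80),             # unrestricted host, web
        ("tcp", "203.0.113.10", 40000),          # non-LAN source
    ]
    for proto, src, dport in samples:
        print(src, dport, nat_selected(ACL_ORIGINAL, proto, src, dport),
              nat_selected(ACL_REVISED, proto, src, dport))
```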
Received on Wed Apr 22 2009 - 17:17:16 ART
This archive was generated by hypermail 2.2.0 : Mon May 04 2009 - 07:39:12 ART