RE: [nsp] RESEND : Change IP address on interface 's encount some problem on 7206

From: Raymond Leung (rlcw@zonasa.com)
Date: Tue Jan 15 2002 - 09:34:23 EST


my access-list 120 is right there , please check and see what can you help
me.. thx

access-list 120 permit tcp 202.140.165.0 0.0.0.255 202.140.168.0 0.0.0.255
eq smtp
access-list 120 permit tcp 202.140.166.0 0.0.0.255 202.140.168.0 0.0.0.255
eq smtp
access-list 120 permit tcp 202.140.167.0 0.0.0.255 202.140.168.0 0.0.0.255
eq smtp
access-list 120 permit tcp host 202.140.162.41 202.140.168.0 0.0.0.255 eq smtp
access-list 120 permit tcp host 202.140.162.42 202.140.168.0 0.0.0.255 eq smtp
access-list 120 permit tcp host 202.140.162.43 202.140.168.0 0.0.0.255 eq smtp
access-list 120 permit tcp host 202.140.162.48 202.140.168.0 0.0.0.255 eq smtp
access-list 120 permit tcp host 202.140.162.49 202.140.168.0 0.0.0.255 eq smtp
access-list 120 permit tcp host 202.140.162.140 202.140.168.0 0.0.0.255 eq smtp
access-list 120 deny tcp host 202.140.160.134 any eq www
access-list 120 deny tcp 202.140.165.0 0.0.0.255 any eq smtp
access-list 120 deny tcp 202.140.166.0 0.0.0.255 any eq smtp
access-list 120 deny tcp 202.140.167.0 0.0.0.255 any eq smtp
access-list 120 deny tcp host 202.140.162.41 any eq smtp
access-list 120 deny tcp host 202.140.162.42 any eq smtp
access-list 120 deny tcp host 202.140.162.43 any eq smtp
access-list 120 deny tcp host 202.140.162.48 any eq smtp
access-list 120 deny tcp host 202.140.162.49 any eq smtp
access-list 120 deny tcp host 202.140.162.140 any eq smtp
access-list 120 permit ip 202.140.160.0 0.0.15.255 any
access-list 120 permit ip 203.129.0.0 0.0.255.255 any
access-list 120 deny ip any any

At 06:28 AM 1/15/2002 -0800, Cisco List wrote:
>What is in access-list 120? It looks like you have that applied to filter
>outbound traffic on f0/0 so that could be where your problem lies.
>
>Good luck,
>Chad
>
>-------------------------------
>Chad Skidmore
>Director, IP & Data Operations
>Avista Communications
>http://www.avistacom.net
>
>-----Original Message-----
>From: Raymond Leung [mailto:rlcw@zonasa.com]
>Sent: Tuesday, January 15, 2002 1:45 AM
>To: cisco-nsp@puck.nether.net
>Cc: anthony_tsang@hgctr.com
>Subject: [nsp] RESEND : Change IP address on interface 's encount some
>problem on 7206
>
>
>Dear All :
>
>I have some problem encount when changing IP address from one interface to
>other's interface
>
>The original configuration is like this one the following interface :
>
>interface FastEthernet0/0 (going out to internet with using address
>203.129.64.60 , local lan as 202.140.168.7)
> ip address 202.140.168.7 255.255.255.0 secondary
> ip address 203.129.64.60 255.255.255.240
> ip access-group 120 out
> no ip redirects
> duplex full
> no cdp enable
>
>interface FastEthernet2/0
> no ip address
> shutdown
> duplex full
> no cdp enable
>
>There is no problem regarding to my internet connection with this config ,
>but one problem occur when the config change like this.
>
>
>interface FastEthernet0/0
> ip address 203.129.64.60 255.255.255.240
> ip access-group 120 out
> no ip redirects
> duplex full
> no cdp enable
>
>interface FastEthernet2/0
> ip address 202.140.168.7 255.255.255.0
> duplex full
> no cdp enable
>
>The router can ping both 203.129.64.60's network (which mean can go out to
>internet) , and also can ping the local network with 202.140.168.7
>
>but one things will occur:
>
>when i use a unix server traceroute to internet :
>
>1 tip.zonasa.net xxxms xxxms xxxms
>2. * * *
>3 * * *
>
>
>--
>
>With Regards,
>
>Raymond Leung
>Network Analyst
>Zonasa Network Limited
>
>Suite 903,Technology Plaza
>651 King's Road
>Quarry Bay
>Hong Kong

---

With Regards,

Raymond Leung Network Analyst Zonasa Network Limited (AS4841 Maintainer)

Suite 903,Technology Plaza 651 King's Road Quarry Bay Hong Kong



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:59 EDT