Q:
ACLs for Lab 6 Packet Tracer
Im trying to create an acl to permit and deny certain hosts to access certain services. below is the criteria, but for some reason my ACL doesnt accomplish the requirement. Would you help please??
allow tw-dsl host web access to the Intranet server
allow tw-cable host access to the Intranet server
allow only inbound ping replies from ISP and any source beyond ISP
allow only establiished TCP sessions from ISP and any source beyond ISP
Explicitly block all other inbound access from ISP and any source beyond ISP.
R2(config)#ip access-list extended FIREWALL R2(config-ext-nacl)#permit tcp 192.168.1.10 0.0.0.255 host 192.168.20.254 eq 21 R2(config-ext-nacl)#permit tcp 192.168.2.10 0.0.0.255 host 192.168.20.254 eq 21 R2(config-ext-nacl)#permit icmp any any R2(config-ext-nacl)#permit tcp any any established R2(config-ext-nacl)#deny ip any any
int serial 0/1/0 ip access-group FIREWALL in
allow tw-dsl host web access to the Intranet server
allow tw-cable host access to the Intranet server
allow only inbound ping replies from ISP and any source beyond ISP
allow only establiished TCP sessions from ISP and any source beyond ISP
Explicitly block all other inbound access from ISP and any source beyond ISP.
R2(config)#ip access-list extended FIREWALL R2(config-ext-nacl)#permit tcp 192.168.1.10 0.0.0.255 host 192.168.20.254 eq 21 R2(config-ext-nacl)#permit tcp 192.168.2.10 0.0.0.255 host 192.168.20.254 eq 21 R2(config-ext-nacl)#permit icmp any any R2(config-ext-nacl)#permit tcp any any established R2(config-ext-nacl)#deny ip any any
int serial 0/1/0 ip access-group FIREWALL in
ASKED:
Nov 11 2009 9:36 PM GMT
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
A:
RATE THIS ANSWER
0
Click to Vote:
0
Click to Vote:
- 0
0
i think one of the reason why your configuration doesnt work is just because of the Cisco Packet tracer limitation. I've experience the same but in my case, its ip-helper address. For some reason I don't know why it doesn't work but on actual application my configuration is 100% working.
My suggestion is, you should try to accomplish your configuration on real devices.
I haven't tried to use your config on packet tracer because of my busy schedule but if I have the time, I'll just update my answer.
*********
