ACLs for Lab 6 Packet Tracer

Tags:
ACL
Firewalls
Packet Tracer
Router configuration
Routers
I'm trying to create an ACL to permit and deny certain hosts to access certain services. Below is the criteria, but for some reason my ACL doesn't accomplish the requirement. Would you help please??

allow tw-dsl host web access to the Intranet server 

allow tw-cable host access to the Intranet server 

allow only inbound ping replies from ISP and any source beyond ISP

allow only established TCP sessions from ISP and any source beyond ISP

Explicitly block all other inbound access from ISP and any source beyond ISP.

R2(config)#ip access-list extended FIREWALL
R2(config-ext-nacl)#permit tcp 192.168.1.10 0.0.0.255 host 192.168.20.254 eq 21
R2(config-ext-nacl)#permit tcp 192.168.2.10 0.0.0.255 host 192.168.20.254 eq 21
R2(config-ext-nacl)#permit icmp any any
R2(config-ext-nacl)#permit tcp any any established
R2(config-ext-nacl)#deny ip any any

int serial 0/1/0
ip access-group FIREWALL in

Answer Wiki


Hi,

I think one of the reasons why your configuration doesn’t work is just because of a Cisco Packet Tracer limitation. I’ve experienced the same, but in my case it’s the ip-helper address. For some reason, I don’t know why, it doesn’t work, but on actual application my configuration is 100% working.

My suggestion is, you should try to accomplish your configuration on real devices.

I haven’t tried to use your config on Packet Tracer because of my busy schedule, but if I have the time, I’ll just update my answer.

*********

Couple of issues right off the bat:
1) the lines “permit tcp 192.168.1.10 0.0.0.255 host 192.168.20.254 eq 21” and “permit tcp 192.168.2.10 0.0.0.255 host 192.168.20.254 eq 21” are wrong – Web access would be on port 80, not 21 (FTP)
2) the section “permit tcp 192.168.1.10 0.0.0.255..” would be better written as “permit tcp 192.168.1.0 0.0.0.255”
3) the line “R2(config-ext-nacl)#deny ip any any” = really unnecessary: all Cisco ACLs have the “implicit deny” at the end of every ACL by default

Outside of those, any diagramming would be helpful…
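Added example (not part of either answer or of the lab materials): a small first-match evaluator for the extended-ACL lines in the question, run against constructed packets to show which requirements the posted ACL misses. The REVISED list is one reading of the requirements and an assumption, as are the host roles (192.168.1.10 as tw-dsl, 192.168.2.10 as tw-cable, 192.168.20.254 as the Intranet server) and the test address 203.0.113.5.

```python
import ipaddress

def _addr(tok):
    """Consume one IOS address spec; return (matcher, remaining tokens)."""
    if tok[0] == "any":
        return (lambda ip: True), tok[1:]
    base, wild, rest = ((tok[1], "0.0.0.0", tok[2:]) if tok[0] == "host"
                        else (tok[0], tok[1], tok[2:]))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wild)) & 0xFFFFFFFF  # wildcard 1-bits are ignored
    return (lambda ip: (int(ipaddress.IPv4Address(ip)) ^ b) & care == 0), rest

def evaluate(acl, pkt):
    """Return the action of the first matching entry (implicit deny at the end)."""
    for line in acl:
        action, proto, *tok = line.split()
        src, tok = _addr(tok)
        dst, opts = _addr(tok)
        if proto not in ("ip", pkt["proto"]) or not (src(pkt["src"]) and dst(pkt["dst"])):
            continue
        if opts[:1] == ["eq"] and int(opts[1]) != pkt.get("dport"):
            continue
        if opts == ["established"] and not pkt.get("ack_or_rst"):
            continue
        if opts == ["echo-reply"] and pkt.get("icmp") != "echo-reply":
            continue
        return action
    return "deny"

ORIGINAL = [  # the ACL as posted in the question
    "permit tcp 192.168.1.10 0.0.0.255 host 192.168.20.254 eq 21",
    "permit tcp 192.168.2.10 0.0.0.255 host 192.168.20.254 eq 21",
    "permit icmp any any",
    "permit tcp any any established",
    "deny ip any any",
]
REVISED = [  # one reading of the requirements (assumption, not the lab's answer key)
    "permit tcp host 192.168.1.10 host 192.168.20.254 eq 80",
    "permit ip host 192.168.2.10 host 192.168.20.254",  # no service named for tw-cable
    "permit icmp any any echo-reply",
    "permit tcp any any established",
    "deny ip any any",
]
# Constructed test packets; 203.0.113.5 is a documentation address standing in for "beyond ISP".
WEB = {"proto": "tcp", "src": "192.168.1.10", "dst": "192.168.20.254", "dport": 80}
PING = {"proto": "icmp", "src": "203.0.113.5", "dst": "192.168.20.254", "icmp": "echo"}
NEIGHBOR_FTP = {"proto": "tcp", "src": "192.168.1.77", "dst": "192.168.20.254", "dport": 21}

for name, pkt in [("web", WEB), ("ping", PING), ("neighbor-ftp", NEIGHBOR_FTP)]:
    print(name, evaluate(ORIGINAL, pkt), "->", evaluate(REVISED, pkt))
```

The posted ACL denies the web request, permits inbound echo requests (not only replies), and, because of the 0.0.0.255 wildcard, admits every host in 192.168.1.0/24 rather than the single tw-dsl host.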
