Extended ACL

Tags: Access Control List, ACL, ACL Manager, Active Directory, Cisco, Packet Tracer, Security, Servers
How do I create an ACL for: Allow inbound HTTP requests to the www.yzcorp server.

Add info: The www.yzcorp.com website at 10.0.1.2 is registered with the public DNS system at IP address 209.165.200.246

      permit tcp any 209.165.200.246 eq www is not working.



Software/Hardware used:
Packet Tracer

Answer Wiki


Correction: permit tcp any host 209.165.200.246 eq www is not working

Where did you apply your access-group and in what direction? That could make the difference.

Discuss This Question: 8  Replies

 
  • IFOY
    I applied the access-group on the router (between the router and ISP), in this case, S0/1/0. Router statement: ip access-group FIREWALL (ACL name) in. Thanks for replying.
  • Matt Mather
    Do you have NAT on the router as well?
  • Matt Mather
    Perhaps post the relevant parts of the config, obviously removing the sensitive stuff ;)
  • IFOY
        interface FastEthernet0/0
         ip address 10.0.1.1 255.255.255.0
         ip nat inside
         duplex auto
         speed auto
        !
        interface Serial0/1/0
         ip address 209.165.201.1 255.255.255.252
         encapsulation ppp
         ppp authentication chap
         ip access-group FIREWALL in
         ip nat outside
        !
        ip nat pool XYZCORP 209.165.200.241 209.165.200.245 netmask 255.255.255.248
        ip nat inside source list NAT_LIST pool XYZCORP
        ip nat inside source static 10.0.1.2 209.165.200.246
        ip classless
        ip route 0.0.0.0 0.0.0.0 Serial0/1/0
        ip route 10.4.5.0 255.255.255.0 Serial0/0/1
        !
        ip access-list standard NAT_LIST
         permit 10.0.0.0 0.255.255.255
        ip access-list extended FIREWALL
         permit tcp any host 209.165.200.246 eq www
         permit tcp any any established
         permit icmp any any echo-reply
         deny ip any any

    Fa0/0 is towards the www.xyzcorp.com server. S0/1/0 is towards the ISP. I attempted to copy/paste a simulated network diagram, but was unsuccessful.
  • IFOY
    Any help would be appreciated.
  • Normc62
    I'm running into the exact same issue and have created the exact same ACL. I've scored 470 of a possible 471 points on this assignment and this last point is going to drive me bonkers if I can't find it! The webserver, located on the inside at 10.0.1.2, is not accessible from the outside. If the FIREWALL ACL has not been created, the public-to-private mapping "ip nat inside source static 10.0.1.2 209.165.200.246" works fine. The moment the ACL is created, you get "Request Timeout" from the PC located on the outside. The Packet Tracer program's scoring table is indicating an error with the FIREWALL ACL, but of course doesn't specify where in the ACL the error is occurring. I don't have a solution, just wanted to toss my hat in there as someone who is having the same problem :)
  • MelanieYarbrough
    Hi Normc62, If you open a new thread for your question, it might get more attention and possibly an answer this time! Best of luck. Melanie
  • Normc62
    Hi Melanie, Actually, it's the exact same problem that IFOY is having. In fact, I created my ACL in the exact same manner before coming here to see if someone had a solution ["great minds think alike"?]. I have to submit my assignment in the next day or two, so I figure I'm going to end up with a 470/471 and I'll simply poke at it later and see if I can figure out where I/we went wrong.
