Comments on: Extended ACL http://itknowledgeexchange.techtarget.com/itanswers/extended-acl/ Sun, 19 May 2013 03:14:28 +0000 hourly 1 By: normc62 http://itknowledgeexchange.techtarget.com/itanswers/extended-acl/#comment-85453 normc62 Thu, 16 Dec 2010 04:13:42 +0000 #comment-85453 Hi Melanie,

Actually, it’s the exact same problem that IFOY is having. In fact, I created my ACL in the exact same manner before coming here to see if someone had a solution ["great minds think alike"?]. I have to submit my assignment in the next day or two, so I figure I’m going to end up with a 470/471 and I’ll simply poke at it later and see if I can figure out where I/we went wrong.

]]> By: melanieyarbrough http://itknowledgeexchange.techtarget.com/itanswers/extended-acl/#comment-85271 melanieyarbrough Mon, 13 Dec 2010 15:13:58 +0000 #comment-85271 Hi Normc62,

If you open a new thread for your question, it might get more attention and possibly an answer this time! Best of luck.

Melanie

]]> By: normc62 http://itknowledgeexchange.techtarget.com/itanswers/extended-acl/#comment-85202 normc62 Sat, 11 Dec 2010 06:08:36 +0000 #comment-85202 I’m running into the exact same issue and have created the exact same ACL. I’ve scored 470 of a possible 471 points on this assignment and this last point is going to drive me bonkers if I can’t find it! The webserver, located on the inside at 10.0.1.2, is not accessible from the outside. If the FIREWALL ACL has not been created, the public-to-private mapping “ip nat inside source static 10.0.1.2 209.165.200.246″ works fine. The moment the ACL is created, you get “Request Timeout” from the PC located on the outside. The Packet Tracer program’s scoring table is indicating an error with the FIREWALL ACL, but of course doesn’t specify where in the ACL the error is occurring. I don’t have a solution, just wanted to toss my hat in there as someone who is having the same problem :)

]]> By: ifoy http://itknowledgeexchange.techtarget.com/itanswers/extended-acl/#comment-81839 ifoy Sat, 25 Sep 2010 15:44:33 +0000 #comment-81839 Any help would be appreciated.

]]> By: ifoy http://itknowledgeexchange.techtarget.com/itanswers/extended-acl/#comment-81676 ifoy Tue, 21 Sep 2010 00:35:38 +0000 #comment-81676 interface FastEthernet0/0
ip address 10.0.1.1 255.255.255.0
ip nat inside
duplex auto
speed auto

interface Serial0/1/0
ip address 209.165.201.1 255.255.255.252
encapsulation ppp
ppp authentication chap
ip access-group FIREWALL in
ip nat outside

ip nat pool XYZCORP 209.165.200.241 209.165.200.245 netmask 255.255.255.248
ip nat inside source list NAT_LIST pool XYZCORP
ip nat inside source static 10.0.1.2 209.165.200.246
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/1/0
ip route 10.4.5.0 255.255.255.0 Serial0/0/1

ip access-list standard NAT_LIST
permit 10.0.0.0 0.255.255.255

ip access-list extended FIREWALL
permit tcp any host 209.165.200.246 eq www
permit tcp any any established
permit icmp any any echo-reply
deny ip any any

Fa0/0 is towards http://www.xyzcorp.com server. S0/1/0 is towards the ISP. I attempted to copy/paste a simulated network diagram, but unsuccessful.

]]> By: mattmather http://itknowledgeexchange.techtarget.com/itanswers/extended-acl/#comment-81674 mattmather Mon, 20 Sep 2010 23:34:00 +0000 #comment-81674 Perhaps post the relevant parts of the config, obviously removing the sensitive stuff ;)

]]> By: mattmather http://itknowledgeexchange.techtarget.com/itanswers/extended-acl/#comment-81673 mattmather Mon, 20 Sep 2010 23:33:19 +0000 #comment-81673 Do you have NAT on the router as well?

]]> By: ifoy http://itknowledgeexchange.techtarget.com/itanswers/extended-acl/#comment-81657 ifoy Mon, 20 Sep 2010 17:05:14 +0000 #comment-81657 I applied the the access-group on the router ( between the router and ISP), in this case, S0/1/0. Router statement: ip access-group FIREWALL (ACL name) in

Thanks for replying.

]]>