I have a subnet in a remote site which I am trying to allow access to the Internet via our head office site.
I want to prevent this subnet accessing anything in the head office network (10.2.0.0/12) except for the PIX obviously.
I put an inbound ACL on the WAN interface of our head office router which permits the remote subnet to access the LAN interface of our PIX at head office.
It works because I can ping the PIX from that subnet, but that's about all I can do. I can't get to the Internet (can't ping by name or IP) and I am at a loss for why this is the case.
When I look at IP access-accounting (or similar) it tells me that it is denying access to the IP addresses of internet DNS servers I am using, so I am assuming the ACL is too restrictive.
Also, if there is no ACL, this works perfectly (except that the remote subnet has full access to head office).
Any help is appreciated.
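
Added example, not part of the original post: a small first-match ACL evaluator showing why an ACL that permits only the PIX as a destination still drops Internet-bound packets, which keep the Internet host as their destination address while the PIX is only the next hop. The remote subnet, the PIX address, the resolver address and the second rule ordering are constructed assumptions; only 10.2.0.0/12 comes from the post, and return traffic and NAT are not modelled.

```python
import ipaddress

# Constructed addresses: the post gives only the head office range.
REMOTE = "192.168.50.0/24"     # assumed remote-site subnet
PIX = "10.2.0.1/32"            # assumed PIX inside (LAN) address
HEAD_OFFICE = "10.2.0.0/12"    # as written in the post; normalises to 10.0.0.0/12

def rule(action, src, dst):
    # strict=False accepts a prefix with host bits set, such as 10.2.0.0/12
    net = lambda s: ipaddress.ip_network(s, strict=False)
    return (action, net(src), net(dst))

def evaluate(acl, src, dst):
    """First matching rule wins; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, (action, src_net, dst_net) in enumerate(acl, 1):
        if s in src_net and d in dst_net:
            return action, f"rule {n}"
    return "deny", "implicit deny"

# The ACL as the post describes it: remote subnet may reach the PIX, nothing else.
ACL_AS_DESCRIBED = [rule("permit", REMOTE, PIX)]

# One possible ordering (an assumption, not from the post): allow the PIX,
# block the rest of head office, then allow every other destination.
ACL_ORDERED = [
    rule("permit", REMOTE, PIX),
    rule("deny", REMOTE, HEAD_OFFICE),
    rule("permit", REMOTE, "0.0.0.0/0"),
]

# Constructed sample flows from one remote host.
FLOWS = [
    ("192.168.50.10", "10.2.0.1", "ping the PIX"),
    ("192.168.50.10", "198.51.100.53", "DNS query to an Internet resolver"),
    ("192.168.50.10", "10.2.5.20", "head office server"),
]

def compare():
    """Map each flow label to (verdict under described ACL, verdict under ordered ACL)."""
    return {label: (evaluate(ACL_AS_DESCRIBED, s, d)[0],
                    evaluate(ACL_ORDERED, s, d)[0])
            for s, d, label in FLOWS}

if __name__ == "__main__":
    for label, (before, after) in compare().items():
        print(f"{label:35} described={before:6} ordered={after}")
```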