Attached is a basic representation of my network topology.
Before I attempt to apply any ACLs to the live environment, I have duplicated the basic topology in Packet Tracer,
so I can modify the config without having any impact.
What I am trying to accomplish is to prevent all hosts on Network B from gaining access to Network A, while still allowing them access to Server X and other areas not shown in the topology, and while still allowing hosts on Network A access to Server X and Network B.
If I apply a standard ACL to Fa 0/0.4, as follows:
int fa 0/0.4
ip access-group Block_DD out
ip access-list standard Block_DD
deny 172.16.0.0 0.0.3.255
traffic from Network B is blocked, but the traffic from Network A across to Network B is also blocked,
which is not what I am trying to accomplish.
If I apply an extended ACL to Fa 0/0.3, as follows:
int fa 0/0.3
ip access-group Block_DD in
ip access-list extended Block_DD
deny ip 172.16.0.0 0.0.3.255 192.168.54.0 0.0.0.255
permit ip any any
the same problem occurs: traffic from Network B is blocked, but the traffic from Network A across to Network B is also blocked, which, again, is not what I am trying to accomplish.
Could someone please advise where I am going wrong or whether I am omitting some obvious permit/deny statements?
All guidance greatly appreciated.
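Added example, not part of the original post: a small Python model of stateless, first-match ACL evaluation, run over the extended ACL quoted above and over a variant that adds a `permit tcp any any established` entry ahead of the deny. It assumes, as the ACL itself implies, that fa0/0.3 faces Network B (172.16.0.0/22) and that Network A is 192.168.54.0/24; the host addresses are constructed, and the `established` variant is a standard IOS technique offered as an assumed fix rather than something the post states.

```python
import ipaddress


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: a 1 bit in the mask means 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a & ~w) == (b & ~w)


def evaluate(acl, pkt):
    """First-match evaluation of one TCP packet; anything unmatched hits the implicit 'deny any'."""
    for action, src, src_wc, dst, dst_wc, established in acl:
        if not wildcard_match(pkt["src"], src, src_wc):
            continue
        if not wildcard_match(pkt["dst"], dst, dst_wc):
            continue
        # 'established' matches only segments with ACK (or RST) set, i.e. replies
        if established and not (pkt.get("ack") or pkt.get("rst")):
            continue
        return action
    return "deny"


ANY = ("0.0.0.0", "255.255.255.255")

# The extended ACL from the post, inbound on fa0/0.3. Assumption: fa0/0.3 faces
# Network B (172.16.0.0/22) and Network A is 192.168.54.0/24.
BLOCK_DD = [
    ("deny", "172.16.0.0", "0.0.3.255", "192.168.54.0", "0.0.0.255", False),
    ("permit", *ANY, *ANY, False),
]

# Assumed fix (not from the post): 'permit tcp any any established' before the
# deny, so B's replies to sessions A opened pass while B's own new sessions to A do not.
BLOCK_DD_ESTABLISHED = [
    ("permit", *ANY, *ANY, True),
    *BLOCK_DD,
]

# Constructed sample hosts, one per network
HOST_A = "192.168.54.10"
HOST_B = "172.16.1.20"


def session_outcome(acl):
    """Verdicts for the two packets that matter on Network B's inbound ACL:
    a SYN from B to A, and B's SYN-ACK reply to a session that A opened."""
    syn_b_to_a = {"src": HOST_B, "dst": HOST_A, "ack": False}
    reply_b_to_a = {"src": HOST_B, "dst": HOST_A, "ack": True}
    return evaluate(acl, syn_b_to_a), evaluate(acl, reply_b_to_a)


if __name__ == "__main__":
    print("posted ACL   (B->A SYN, B->A reply):", session_outcome(BLOCK_DD))
    print("established  (B->A SYN, B->A reply):", session_outcome(BLOCK_DD_ESTABLISHED))
```

Because the ACL is stateless, the posted entry denies B's reply to a session A opened, which is why A to B appears blocked as well. The standard ACL on fa0/0.4 has the same effect by a different route: with only a deny entry, its implicit deny drops every packet leaving that subinterface.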