Greetings:

Confused. When I created the following ACL:

access-list 150 permit ip 10.233.0.0 0.0.0.255 host 172.16.5.30

access-list 150 permit ip 10.233.0.0 0.0.0.255 host 10.1.7.136

access-list 150 permit ip 10.233.0.0 0.0.0.255 host 10.1.7.137

access-list 150 permit ip 10.233.0.0 0.0.0.255 host 10.1.7.139

access-list 150 permit ip 10.233.0.0 0.0.0.255 host 10.1.4.43

access-list 150 permit ip 10.233.0.0 0.0.0.255 host 172.28.0.7

access-list 150 permit ip 10.233.0.0 0.0.0.255 host 172.28.0.75

access-list 150 permit ip 10.233.0.0 0.0.0.255 host 172.28.0.110

access-list 150 permit ip 10.233.0.0 0.0.0.255 host 172.28.0.111

access-list 150 permit ip 10.233.0.0 0.0.0.255 host 172.16.5.143

access-list 150 permit ip 10.233.0.0 0.0.0.255 host 172.16.5.142

access-list 150 permit ip 10.233.0.0 0.0.0.255 host 172.16.5.147

access-list 150 deny ip any any

and apply it to the WAN interface as:

ip access-group 150 in

I cannot ping the 10.233.x.x network and they can't ping the router's WAN ip (10.223.0.7)

As soon as I remove the ACL - normal connectivity resumes - but no protection using acl-150.

What am I missing? Thanks