Not sure if crossposting here is a good thing, however this site also came up in my Google search for the answer. It didn't yield the answer however, so I thought I would make the topic here too (original Cisco support thread: https://supportforums.cisco.com/message/3047838#3047838).
Dear all / cisco,
I've recently purchased a wrvs4400n v2 unit, with firmware version V126.96.36.199-ETSI installed. The router is working, however I am trying to use the IP based ACL feature without any luck. I'm trying to do the following:
Connect "server" (192.168.1.100) to WAN with all ports to external: "home" & "backup source"
Connect "server" with the remote desktop port (3389 / custom port) to WAN (ANY)
Disallow any traffic from WAN to LAN besides 'normal' internet traffic (http, dns)
I have tried various settings, however I am unable to get the setup to work. Even the most basic setup I try fails. For example, I enable single forwarding of port 3389 external to "server" 3389. This port is opened on "server". When I then probe the port it can be accessed and used via external (which is not possible when not having that port forwarded). When I then add an IP based ACL rule (no other rules present besides the default rules) denying any traffic from WAN (priority 1, deny, 3389 (or ANY), WAN, any source, any destination, any time and any day) I still am able to connect to the 3389 port and use remote desktop (aka both-way traffic works fine over port 3389)!
To check whether or not IP based ACL works to start with, I've tried to add 1 rule (priority 1, deny, any, LAN/ANY, any, any, any time and day) which then makes me unable to contact any external IP/port via "server".
I've tried the settings mentioned in the last post in this thread for the setup to "backup source" however all traffic is always open to the full spectrum of the internet.
For me it seems like the IP based ACL feature simply isn't working like it is supposed to. Please tell me how I can set up the ACL to do what I need it to / what I am doing wrong. If the feature is simply broken that would be quite a shame! If more information is required from my end, feel free to ask me to provide it (I can upload screenshots etc. if needed).
Simon van de Berg
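The intended rule set from the post, written out as an added first-match ACL evaluator (example code, not from the original post and not Cisco's firmware logic) so the priority ordering can be checked offline before it is entered in the router GUI. The addresses for "home" and "backup source", the probe address, and the allow-by-default for unmatched outbound traffic are assumptions; replies to LAN-initiated sessions ("normal" http/dns traffic) are assumed to be handled by the stateful firewall rather than by these rules.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

SERVER = "192.168.1.100"      # "server" from the post
HOME = "203.0.113.10"         # constructed placeholder for "home"
BACKUP = "198.51.100.20"      # constructed placeholder for "backup source"


@dataclass(frozen=True)
class Rule:
    priority: int          # lower number = evaluated first, like the GUI's priority column
    action: str            # "allow" or "deny"
    interface: str         # "WAN" = inbound from internet, "LAN" = outbound from LAN
    port: Optional[int]    # None = ANY
    src: str               # CIDR/host address or "any"
    dst: str


def _match(net: str, addr: str) -> bool:
    return net == "any" or ip_address(addr) in ip_network(net)


# The poster's three goals, plus a catch-all deny for any other inbound traffic.
POLICY = sorted([
    Rule(1, "allow", "LAN", None, SERVER, HOME),     # server -> home, all ports
    Rule(2, "allow", "LAN", None, SERVER, BACKUP),   # server -> backup source, all ports
    Rule(3, "allow", "WAN", 3389, "any", SERVER),    # remote desktop from anywhere
    Rule(4, "deny",  "WAN", None, "any", "any"),     # everything else WAN -> LAN
], key=lambda r: r.priority)


def evaluate(interface: str, src: str, dst: str, dport: int,
             policy=POLICY, default: str = "allow"):
    """Return (action, matching priority); first matching rule wins.
    Unmatched flows fall through to `default` (assumed allow, as the post
    describes the router passing everything when no rule matches)."""
    for rule in policy:
        if rule.interface != interface:
            continue
        if rule.port is not None and rule.port != dport:
            continue
        if _match(rule.src, src) and _match(rule.dst, dst):
            return rule.action, rule.priority
    return default, None


if __name__ == "__main__":
    print(evaluate("WAN", "192.0.2.5", SERVER, 3389))   # ('allow', 3)
    print(evaluate("WAN", "192.0.2.5", SERVER, 22))     # ('deny', 4)
```

With a single rule such as the post's test (priority 1, deny, 3389, WAN, any, any) the evaluator returns deny for an inbound 3389 probe, which is the behaviour the poster expected from the router.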