ACLS QUESTION - 2 LAN SEGMENTS - ISSUE
I have a scenario where 2 LAN segments are separated by a router, Admin and Students. There is a DNS server and an EMAIL server on the admin segment. Students should be able to access DNS and EMAIL services (smtp, pop3 and dns). No access to any other traffic. Admin should have full access to the student LAN segment. I managed to implement all the filtering with extended ACLs placed on the router as follows:
access-list 105 permit tcp any any eq smtp
access-list 105 permit tcp any any eq pop3
access-list 105 permit tcp any any eq www
access-list 105 permit udp any host 10.20.0.2 eq 53
access-list 105 deny ip any any
int e1/1
ip access-group 105 in
But for some reason it does not allow any access from the admin segment to the students segment.
EMAIL AND DNS ARE WORKING FINE FROM THE STUDENTS SEGMENT AND PINGS FAIL AS EXPECTED AFTER THE COMMANDS MENTIONED WERE ISSUED.
ADMIN SHOULD BE ABLE TO PING STUDENTS SEGMENTS
AFTER ATTEMPTING MANY TIMES AND DIFFERENT CONFIG I TRIED THE FOLLOWING:
access-list 106 permit ip any any
int e1/0
ip access-group 106 in
I also tried
int e1/1
ip access-group 106 in
BUT ADMIN STILL HAS NO ACCESS TO THE STUDENTS SEGMENTS!!!!!!
WHY NOT?
A FEW FELLOWS TRIED IT OUT AS WELL IN PACKET TRACER WITH NO SUCCESSFUL RESULTS...
:S
I WOULD REALLY APPRECIATE SOME HELP ASAP!
THANK YOU IN ADVANCE,
MIGUEL
---
Posted by WebUser Miguel Pcn
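Added example, not part of the original post: a small first-match evaluator that runs ACL 105 as posted against constructed packets arriving inbound on e1/1, showing which entry each one hits. It assumes e1/1 is the student-facing interface; every address except 10.20.0.2 is a constructed placeholder.

```python
import ipaddress

# ACL 105 as posted, in order. Fields:
# (action, protocol, source, destination, destination port or None)
ACL_105 = [
    ("permit", "tcp", "any", "any", 25),         # eq smtp
    ("permit", "tcp", "any", "any", 110),        # eq pop3
    ("permit", "tcp", "any", "any", 80),         # eq www
    ("permit", "udp", "any", "10.20.0.2", 53),   # host 10.20.0.2 eq 53
    ("deny", "ip", "any", "any", None),          # deny ip any any
]

def addr_matches(rule_addr, addr):
    return rule_addr == "any" or ipaddress.ip_address(rule_addr) == ipaddress.ip_address(addr)

def evaluate(acl, pkt):
    """Return (action, 1-based entry number) of the first entry that matches pkt."""
    for n, (action, proto, src, dst, dport) in enumerate(acl, 1):
        if proto != "ip" and proto != pkt["proto"]:
            continue  # "ip" matches every IP protocol, including ICMP
        if not (addr_matches(src, pkt["src"]) and addr_matches(dst, pkt["dst"])):
            continue
        if dport is not None and pkt.get("dport") != dport:
            continue
        return action, n
    return "deny", None  # implicit deny that ends every ACL

# Constructed sample packets (assumed addresses), all seen inbound on e1/1.
STUDENT, ADMIN_PC, MAIL = "10.30.0.10", "10.20.0.50", "10.20.0.3"
PACKETS = {
    "student -> mail server, SMTP": {"proto": "tcp", "src": STUDENT, "dst": MAIL, "dport": 25},
    "student -> DNS server query": {"proto": "udp", "src": STUDENT, "dst": "10.20.0.2", "dport": 53},
    "student -> admin echo request": {"proto": "icmp", "src": STUDENT, "dst": ADMIN_PC},
    "student echo reply to admin ping": {"proto": "icmp", "src": STUDENT, "dst": ADMIN_PC},
    "student TCP reply to admin session": {"proto": "tcp", "src": STUDENT, "dst": ADMIN_PC, "dport": 50000},
}

def run():
    return {name: evaluate(ACL_105, pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for name, (action, entry) in run().items():
        print(f"{name:36} {action:6} (entry {entry})")
```

The ACL is stateless, so replies from the student segment to traffic the admin segment started are checked against the same list and fall through to `deny ip any any`. Entries such as `permit icmp any any echo-reply` and `permit tcp any any established`, placed above the deny, are the usual IOS way to let that return traffic back in.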