I'm stuck with an ACL problem. Attached to the message is the topology of an enterprise LAN with a server farm that I'm trying to protect using ACLs. There's also an addressing table.
The goals of the test (a Packet Tracer activity) are:
1. Prior to configuring access control lists both PCs can ping all servers and access all web pages.
2. After configuring access control lists, PC2, representing a legitimate inside user, cannot ping any server but can access all web pages.
3. After configuring access control lists, PC1, representing a PC set up to maintain switch configurations, can ping servers in its own VLAN, cannot ping other servers, and cannot access any web pages.
There must be 2 ACLs: one to permit web traffic to the server farm from PC1 and PC2 and deny all other traffic, and another one to permit DNS traffic and deny all other. The ACLs must be applied outbound on router 1 and 2 in fa0/0.21, fa0/0.22, fa0/0.23.
My choice, which doesn't work, is:
access-list 101 remark web traffic
access-list 101 permit tcp any 172.18.21.0 0.0.7.255 eq 80
access-list 102 remark dns traffic
access-list 102 permit tcp any 172.18.21.0 0.0.7.255 eq 53
access-list 102 permit udp any 172.18.21.0 0.0.7.255 eq 53
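
Added example, not part of the original post: a small Python model of how the posted extended ACL entries are evaluated (wildcard matching, first match wins, implicit deny at the end), useful for checking which flows each list lets through. The server addresses it tests are constructed, since the addressing table is not reproduced on the page, and the parser handles only the entry form used in the post.

```python
import ipaddress

# The ACL entries as posted (remarks omitted). Every extended ACL also ends
# with an implicit "deny ip any any" that is never shown in the config.
POSTED_ACLS = {
    101: ["permit tcp any 172.18.21.0 0.0.7.255 eq 80"],
    102: ["permit tcp any 172.18.21.0 0.0.7.255 eq 53",
          "permit udp any 172.18.21.0 0.0.7.255 eq 53"],
}

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def covered_range(base, wildcard):
    """First and last address an address/wildcard pair really matches."""
    w = _to_int(wildcard)
    low = _to_int(base) & ~w & 0xFFFFFFFF   # wildcard bits are "don't care"
    return str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(low | w))

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit the wildcard does not mask."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)

def parse_ace(line):
    """Parse only the form used in the post: action proto any dst wildcard eq port."""
    action, proto, src, dst, wild, op, port = line.split()
    if src != "any" or op != "eq":
        raise ValueError("unsupported ACE form: " + line)
    return action, proto, dst, wild, int(port)

def evaluate(acl_lines, proto, dst_ip, dst_port=None):
    """First matching entry decides; no match falls through to the implicit deny."""
    for line in acl_lines:
        action, ace_proto, dst, wild, port = parse_ace(line)
        if ace_proto == proto and dst_port == port and wildcard_match(dst_ip, dst, wild):
            return action
    return "deny (implicit)"

if __name__ == "__main__":
    print("matched destinations:", covered_range("172.18.21.0", "0.0.7.255"))
    # Constructed flows toward constructed server addresses.
    flows = [("tcp", "172.18.22.10", 80), ("icmp", "172.18.21.10", None),
             ("udp", "172.18.23.5", 53), ("tcp", "172.18.24.10", 80)]
    for number, lines in POSTED_ACLS.items():
        for proto, dst, port in flows:
            print(number, proto, dst, port, "->", evaluate(lines, proto, dst, port))
```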