Could someone give me a bit of advice on ACLs please
I am trying to get ACLs working on a packet tracer network for a college assignment but I'm hitting brick walls and could do with some advice please!
I need to create an ACL that will allow web traffic from a host on one LAN to an internal webserver on a separate LAN and to an external webserver. I have tried the following ACL applied to the inbound interface of the router the host is connected to, but it keeps failing.
My extended ACL looks like the following:

access-list 150 permit tcp any host 18.104.22.168 eq domain - (this is the internal DNS server address)
access-list 150 permit tcp any host 22.214.171.124 eq www - (this is the internal HTTP server address | www.jrt.com)
access-list 150 permit tcp any host 192.168.16.2 eq www - (this is the external HTTP server address)
When I try www.jrt.com in the browser in simulation mode, when the packet hits the router I get the red envelope with "1. The device sends back an ICMP Administratively Prohibited Unreachable message."
What am I doing wrong?
Thanks in advance
***** Please note I am unable to reply to any comments for some unknown reason*****
I only want to allow DNS and web traffic, the assignment requires me to allow access to a website but nothing else, no ping etc.
I created the ACL above thinking that it would allow just the traffic I need to allow and deny anything else, but, as I say, I am unable to get the web page up from the browser of the host.
I can get the site using "permit ip any 126.96.36.199", but that also allows ping replies, which I need to deny.