ip access-list extended test-in
 deny tcp 10.0.0.0 0.255.255.255 18.104.22.168 0.255.255.255 established
 permit ip any any
Look, you forget that the ACL is applied not only to traffic initiated from one subnet, but also to "reply" traffic. Your packets are delivered to the restricted subnet, but the reply packets also match the ACL and are blocked.
For example, when 22.214.171.124 is connecting to 10.0.0.1 (which is allowed), the reply packets destined from the 10.0.0.0/24 subnet to the 126.96.36.199/24 subnet are blocked, as they have to be.
IMHO, you rather need a stateful firewall to achieve your target. Set the ACL on the 188.8.131.52 subnet interface and activate ip inspections for tcp, udp and icmp. In that case the holes for reply traffic will be created automatically.
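The effect described in the reply above, as an added example that is not part of the original post: a simplified Python model of the posted ACL next to a session-tracking filter. The host addresses, ports, the `StatefulInspect` class and its policy (10.0.0.0/8 may not open connections to 18.0.0.0/8) are assumptions made for illustration.

```python
import ipaddress

NET_A = ipaddress.ip_network("10.0.0.0/8")  # source in the posted ACL
NET_B = ipaddress.ip_network("18.0.0.0/8")  # 18.104.22.168 0.255.255.255 as a prefix

def a_to_b(src, dst):
    return ipaddress.ip_address(src) in NET_A and ipaddress.ip_address(dst) in NET_B

def acl_test_in(src, dst, flags):
    """Posted ACL: deny tcp A -> B established, then permit ip any any.
    'established' matches any TCP segment with ACK or RST set."""
    if a_to_b(src, dst) and ({"ACK", "RST"} & flags):
        return "deny"
    return "permit"

class StatefulInspect:
    """Simplified session tracking (assumed policy: A may not open to B).
    A permitted SYN records the session; its later packets pass both ways."""
    def __init__(self):
        self.sessions = set()

    def check(self, src, sport, dst, dport, flags):
        key = frozenset([(src, sport), (dst, dport)])
        if key in self.sessions:
            return "permit"                 # reply hole opened by the SYN
        if flags == {"SYN"} and not a_to_b(src, dst):
            self.sessions.add(key)
            return "permit"
        return "deny"                       # A-initiated or out-of-state

# Constructed three-way handshakes: (src, sport, dst, dport, flags)
A, B = "10.0.0.1", "18.0.0.5"
B_OPENS = [(B, 40000, A, 22, {"SYN"}), (A, 22, B, 40000, {"SYN", "ACK"}),
           (B, 40000, A, 22, {"ACK"})]
A_OPENS = [(A, 40001, B, 22, {"SYN"}), (B, 22, A, 40001, {"SYN", "ACK"}),
           (A, 40001, B, 22, {"ACK"})]

def run_acl(handshake):
    return [acl_test_in(s, d, f) for s, _, d, _, f in handshake]

def run_stateful(handshake):
    fw = StatefulInspect()
    return [fw.check(*pkt) for pkt in handshake]

if __name__ == "__main__":
    for name, hs in (("B opens to A", B_OPENS), ("A opens to B", A_OPENS)):
        print(name, "| ACL:", run_acl(hs), "| stateful:", run_stateful(hs))
```

With the stateless ACL both handshakes stall on a segment sent from 10.0.0.0/8 with ACK set, so neither direction can complete a TCP connection; the session-tracking model completes the one opened from 18.0.0.0/8 and refuses the other at its first SYN.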