The problem is that you have denied most access through the gig0/1 interface. The outside is only permitted to access a single host on just a few UDP ports.
Remember that at the end of every access list is an implied deny any any, so anything that is not permitted is denied. Your access list has two permit statements, and anything that is not UDP to host 188.8.131.52 is denied.
If you can give us a statement of what you want the access list to do (what it should permit and what it should deny) we might be able to help you write a better access list.
I believe that there is an issue of logic in your suggestion. If permit ip any any is added to the access list then everything is permitted, and nothing is denied. If nothing is denied and everything is permitted, then why are we using an access list on the interface? It would be much simpler to remove the access list entirely.
I believe that we need to clarify what the requirements are: what traffic should go through and what traffic should be denied. Once we have this clarification then we can construct an access list that will achieve the desired result.
I have looked at your diagram and I have these comments about your access lists.
- access-list 100 has quite a few permits for a specific host 184.108.40.206. I do not see that host in your drawing (it may not be important that this host is not in the drawing). I do not see any permit (except for permit icmp) for the hosts that are in the drawing (Radius server and Softswitch). I think the lack of permits for these hosts, or for any other addresses in the subnet, is a problem.
- access-list 101 has quite a few permits for a specific host 220.127.116.11 and then a permit ip any any. Nothing is denied. So why have an access list with anything more than permit ip any any?
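The two points made in the replies above (the implicit deny at the end of every access list, and the fact that appending permit ip any any permits everything) are easy to see by walking an ACL the way the router does: top to bottom, first match wins, no match means deny. The following Python evaluator is an added example and is not code from the thread or from Cisco. The poster's actual access lists are not shown, so the ACL contents below are constructed stand-ins: two UDP permits to host 188.8.131.52 on ports 1812 and 1813 (assumed RADIUS ports), and a second list with permit ip any any appended. The source addresses 10.0.0.5 and 188.8.131.99 are likewise made up for the demonstration.

```python
"""First-match evaluator for a subset of Cisco IOS extended ACL syntax (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

MASK32 = 0xFFFFFFFF


@dataclass(frozen=True)
class Ace:
    action: str             # "permit" or "deny"
    proto: str              # "ip", "udp", "tcp" or "icmp"; "ip" matches any protocol
    src_addr: int           # address and Cisco wildcard mask, as 32-bit ints
    src_wild: int
    dst_addr: int
    dst_wild: int
    dst_port: Optional[int] # None means any destination port
    text: str               # original line, returned so the caller sees which ACE matched


def _addr(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'A.B.C.D W.X.Y.Z' (wildcard)."""
    tok = tokens.pop(0)
    if tok == "any":
        return 0, MASK32
    if tok == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(tok)), int(ipaddress.IPv4Address(tokens.pop(0)))


def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT]' (numbered-ACL subset only)."""
    tokens = line.split()
    if tokens[0] == "access-list":
        tokens = tokens[2:]                 # drop 'access-list' and the list number
    action, proto = tokens.pop(0), tokens.pop(0)
    src_addr, src_wild = _addr(tokens)
    dst_addr, dst_wild = _addr(tokens)
    dst_port = int(tokens[1]) if tokens and tokens[0] == "eq" else None
    return Ace(action, proto, src_addr, src_wild, dst_addr, dst_wild, dst_port, line.strip())


def parse_acl(text):
    return [parse_ace(line) for line in text.splitlines() if line.strip()]


def _match_addr(addr, wild, pkt_addr):
    # Cisco wildcard semantics: 0 bits must match, 1 bits are don't-care.
    care = ~wild & MASK32
    return (addr & care) == (pkt_addr & care)


def evaluate(acl, proto, src, dst, dport=None):
    """Walk the ACL top to bottom; the first matching ACE wins.
    Falling off the end is the implicit 'deny any any' every IOS ACL carries."""
    src_i, dst_i = int(ipaddress.IPv4Address(src)), int(ipaddress.IPv4Address(dst))
    for ace in acl:
        if ace.proto != "ip" and ace.proto != proto:
            continue
        if not _match_addr(ace.src_addr, ace.src_wild, src_i):
            continue
        if not _match_addr(ace.dst_addr, ace.dst_wild, dst_i):
            continue
        if ace.dst_port is not None and ace.dst_port != dport:
            continue
        return ace.action, ace.text
    return "deny", "implicit deny ip any any"


# Constructed stand-in for the list discussed above: only UDP to one host on a few ports.
ACL_NARROW = parse_acl("""
access-list 100 permit udp any host 188.8.131.52 eq 1812
access-list 100 permit udp any host 188.8.131.52 eq 1813
""")

# The same list with 'permit ip any any' appended, as was proposed in the thread.
ACL_OPEN = ACL_NARROW + [parse_ace("access-list 100 permit ip any any")]

# Ordering caveat: a 'permit ip any any' placed first shadows every later deny.
ACL_SHADOWED = parse_acl("""
access-list 102 permit ip any any
access-list 102 deny tcp any host 188.8.131.52 eq 23
""")

if __name__ == "__main__":
    for acl, name in ((ACL_NARROW, "narrow"), (ACL_OPEN, "open")):
        for proto, dst, port in (("udp", "188.8.131.52", 1812), ("tcp", "188.8.131.52", 22),
                                 ("udp", "188.8.131.99", 5060), ("icmp", "188.8.131.99", None)):
            print(name, proto, dst, port, "->", evaluate(acl, proto, "10.0.0.5", dst, port))
```

With ACL_NARROW, the RADIUS packets to 188.8.131.52 are permitted and everything else, including traffic to any other host in the subnet, falls through to the implicit deny. With ACL_OPEN every packet hits the final permit ip any any, which is exactly the point made above: nothing is denied, so the list does nothing an interface without an ACL would not do. ACL_SHADOWED shows the related ordering trap: the deny for TCP/23 is never reached because the permit above it already matched.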