I'm having some issues configuring ACLs in the following situation:
c. Configure HQ and Branch with OSPF routing according to the following criteria:
· Assign the process ID 1.
· Advertise all three attached networks. Do not advertise the link to the Internet.
· Configure appropriate interfaces as passive.
d. Set a default route on HQ which directs traffic to S0/0/1 interface. Redistribute the route to Branch.
e. Design a named access list HQServer to prevent any computers attached to the Gigabit Ethernet 0/0 interface of the Branch router from accessing HQServer.pka. All other traffic is permitted. Configure the access list on the appropriate router, apply it to the appropriate interface and in the appropriate direction.
f. Design a named access list BranchServer to prevent any computers attached to the Gigabit Ethernet 0/0 interface of the HQ router from accessing the HTTP and HTTPS service of the Branch server. All other traffic is permitted. Configure the access list on the appropriate router, apply it to the appropriate interface and in the appropriate direction.
I can only get up to 75/100 and I don't know what I'm doing wrong. Everything seems to be working fine... Am I missing something?
hostname HQ
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
!
license udi pid CISCO2911/K9 sn FTX1524O3DD
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0
ip address 172.16.127.254 255.255.192.0
ip access-group BranchServer in
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 172.16.63.254 255.255.192.0
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 192.168.0.1 255.255.255.252
clock rate 2000000
!
interface Serial0/0/1
ip address 64.104.34.2 255.255.255.252
clock rate 2000000
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
passive-interface GigabitEthernet0/0
passive-interface GigabitEthernet0/1
passive-interface Serial0/0/1
network 172.16.0.0 0.0.63.255 area 0
network 172.16.64.0 0.0.63.255 area 0
network 192.168.0.0 0.0.0.3 area 0
default-information originate
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/1
!
ip flow-export version 9
!
!
ip access-list extended BaranchServer
deny tcp any host 172.16.128.1 eq www
deny tcp any host 172.16.128.1 eq 443
permit ip any any
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
hostname Branch
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
!
license udi pid CISCO2911/K9 sn FTX1524OY7F
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0
ip address 172.16.159.254 255.255.240.0
ip access-group HQServer in
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 172.16.143.254 255.255.240.0
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 192.168.0.2 255.255.255.252
clock rate 2000000
!
interface Serial0/0/1
no ip address
clock rate 2000000
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
log-adjacency-changes
passive-interface GigabitEthernet0/0
passive-interface GigabitEthernet0/1
network 172.16.128.0 0.0.15.255 area 0
network 172.16.144.0 0.0.15.255 area 0
network 192.168.0.0 0.0.0.3 area 0
!
ip classless
!
ip flow-export version 9
!
!
ip access-list extended HQServer
deny ip any host 172.16.0.1
permit ip any any
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
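
An added example, not part of the original post: a small Python check that cross-references every `ip access-group` binding in a running-config against the ACLs the config actually defines. On Cisco IOS an interface bound to an ACL name that is never defined filters nothing, so a mismatch between the two names passes unnoticed in connectivity tests. The function name `audit_acl_bindings` and the sample text are assumptions made for this example.

```python
import re

# Constructed sample: trimmed excerpt in the style of the HQ config posted above.
SAMPLE_HQ = """\
interface GigabitEthernet0/0
ip address 172.16.127.254 255.255.192.0
ip access-group BranchServer in
!
interface GigabitEthernet0/1
ip address 172.16.63.254 255.255.192.0
!
ip access-list extended BaranchServer
deny tcp any host 172.16.128.1 eq www
deny tcp any host 172.16.128.1 eq 443
permit ip any any
!
"""

IFACE = re.compile(r"^interface\s+(\S+)", re.I)
BIND = re.compile(r"^ip access-group\s+(\S+)\s+(in|out)\b", re.I)
NAMED = re.compile(r"^ip access-list\s+(?:standard|extended)\s+(\S+)", re.I)
NUMBERED = re.compile(r"^access-list\s+(\d+)\s", re.I)


def audit_acl_bindings(config_text):
    """Return (dangling, unbound).

    dangling: (interface, acl, direction) bindings whose ACL is never defined.
    unbound:  ACLs that are defined but not applied to any interface.
    ACL names are compared case-sensitively, as IOS does.
    """
    defined, bindings, iface = set(), [], None
    for raw in config_text.splitlines():
        line = raw.strip()  # tolerate dumps that lost their indentation
        if m := IFACE.match(line):
            iface = m.group(1)
        elif m := BIND.match(line):
            bindings.append((iface, m.group(1), m.group(2).lower()))
        elif m := (NAMED.match(line) or NUMBERED.match(line)):
            defined.add(m.group(1))
            iface = None  # left interface configuration context
    dangling = [b for b in bindings if b[1] not in defined]
    unbound = sorted(defined - {name for _, name, _ in bindings})
    return dangling, unbound


if __name__ == "__main__":
    dangling, unbound = audit_acl_bindings(SAMPLE_HQ)
    for iface, name, direction in dangling:
        print(f"{iface}: access-group {name} {direction} has no matching ACL definition")
    for name in unbound:
        print(f"ACL {name} is defined but not applied to any interface")
```

An ACL reported as unbound may still be referenced elsewhere (for example by `access-class` on a vty line), which this check does not parse.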