02-17-2019 01:14 PM
Hi folks,
I'm trying to write an Extended ACL to do the following and am running into a snag.
This may be easy for most, but I'm new to writing ACLs. Any help would be much appreciated!!
The goal is to allow ONLY port 80 traffic from hosts C and D to host A, and block any other traffic from those two hosts.
All traffic from Host B should be allowed.
I've written about 20 versions of this ACL and am still running into a roadblock.
Here is the final version I wrote, which works partially.
All three hosts get a destination unreachable on pings.
All three hosts get a server reset connection on port 80 traffic.
--------------------------------------------------------------------------------------------
So I've applied this ACL to the inbound interface of Router #3:
access-list 101 permit tcp 172.16.53.67 0.0.0.0 172.19.100.37 0.0.0.0 eq 80
access-list 101 permit tcp 172.16.101.3 0.0.0.0 172.19.100.37 0.0.0.0 eq 80
access-list 101 permit ip 172.16.200.41 0.0.0.0 172.19.100.37 0.0.0.0
access-list 101 deny ip any any
ip access-group 101 in
02-17-2019 03:08 PM
Hi @Justb,
At first glance the ACL looks ok.
Have you had any problems after applying it?
There is the option to use the "host" help:
access-list 101 permit tcp host 172.16.53.67 host 172.19.100.37 eq 80
access-list 101 permit tcp host 172.16.101.3 host 172.19.100.37 eq 80
access-list 101 permit ip host 172.16.200.41 host 172.19.100.37
access-list 101 deny ip any any
Regards
02-17-2019 03:49 PM
Hi,
I've had no problem applying the ACL.
I've tried both ways and still get "Destination host unreachable" from all three hosts.
Extended IP access list 101
10 permit tcp host 172.16.53.67 host 172.19.100.37 eq www
20 permit tcp host 172.16.101.3 host 172.19.100.37 eq www
30 permit ip host 172.16.200.41 host 172.19.100.37
40 deny ip any any
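Added example, not part of the original thread: a small Python model of how access list 101 from the output above is evaluated (top-down, first match wins, implicit deny at the end), useful for checking what the entries themselves permit before looking at where the list is bound. It goes slightly beyond the listing by also accepting the "access-list 101 ... 0.0.0.0" wildcard form from the first post; the function names and test packets are constructed for illustration.

```python
import ipaddress
# ACL 101 exactly as listed in the "show access-lists" output above.
ACL_101 = """\
10 permit tcp host 172.16.53.67 host 172.19.100.37 eq www
20 permit tcp host 172.16.101.3 host 172.19.100.37 eq www
30 permit ip host 172.16.200.41 host 172.19.100.37
40 deny ip any any
"""
PORT_NAMES = {"www": 80}  # the only named port used in the thread

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return ((base, wildcard), rest)."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (_ip(tok[1]), 0), tok[2:]
    return (_ip(tok[0]), _ip(tok[1])), tok[2:]

def parse(text):
    """Turn ACL lines (numbered entries or 'access-list N ...') into rule tuples."""
    rules = []
    for tok in (line.split() for line in text.splitlines() if line.strip()):
        # Drop a leading "access-list 101" or a leading sequence number.
        skip = 2 if tok[0] == "access-list" else 1 if tok[0].isdigit() else 0
        tok = tok[skip:]
        action, proto = tok[0], tok[1]
        src, rest = _addr(tok[2:])
        dst, rest = _addr(rest)
        port = None
        if rest[:1] == ["eq"]:
            port = PORT_NAMES.get(rest[1]) or int(rest[1])
        rules.append((action, proto, src, dst, port))
    return rules

def _hit(spec, ip):
    base, wild = spec              # wildcard bits set to 1 are "don't care"
    return (_ip(ip) | wild) == (base | wild)

def evaluate(rules, proto, src, dst, dport=None):
    """Return the action of the first matching entry (first match wins)."""
    for action, rproto, rsrc, rdst, rport in rules:
        ports_ok = rport is None or rport == dport
        if rproto in ("ip", proto) and _hit(rsrc, src) and _hit(rdst, dst) and ports_ok:
            return action
    return "deny"                  # implicit deny when nothing matches
```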
02-17-2019 04:15 PM
Hi @Justb,
If you cannot find the solution, you can send us the compressed exercise so that we can review it.
Regards