ACL Problem on Cisco 871W

msacomputers
Level 1

Hello,

I am going to first apologize if my post is confusing or unclear.

Here's what I am trying to accomplish:

Apply an extended ACL allowing inbound SSL on my WAN port then port forward to an internal server.

Problem:

I've created the following port forwarding and ACL entries listed below then applied the ACL to my outside WAN port.  When the "ip access-group" is entered all outbound LAN and inbound WAN traffic appears blocked.

Port forwarding entry:

ip nat inside source static tcp 192.168.14.5 443 interface fastethernet4 443

ACL Entry:

ip access-list extended Outside_Access_In

permit tcp any host 192.168.14.5 eq 443

"Other permit statements in ACL can be remarked - trying to allow other traffic"

ACL entry when applied to outside interface:

ip access-group Outside_Access_in in

(after this command is entered all traffic is blocked)

I've attached the entire running-config for anyone that has any thoughts. Background: I do understand that when you apply a Cisco ACL to an interface that there is an “implicit deny all” hidden at the end and this probably explains the complete loss of Internet connectivity.

Any help is appreciated.

Thank you,

Chris

2 Replies

Jitendriya Athavale
Cisco Employee

try this and let me know

you have to permit it through the firewall, i think it is the firewall blocking

ip access-list extended 161
 permit tcp any host 192.168.14.5 eq 443
!
class-map type inspect match-all out_to_in
 match access-group 161
!
policy-map type inspect sdm-pol-NATOutsideToInside-1
 class type inspect sdm-cls-sdm-pol-NATOutsideToInside-1-1
  inspect
 class type inspect sdm-nat-smtp-1
  inspect
 class type inspect sdm-nat-user-protocol--1-1
  inspect
 class type inspect out_to_in
  inspect
 class class-default
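For readers putting the pieces of the reply together, the complete outside-to-inside path (port forward, ACL, class-map, policy-map, zone-pair binding) is written out here as an added example; it is not configuration from the thread or from the poster's router. The zone names out-zone and in-zone and the zone-pair name sdm-zp-NATOutsideToInside-1 are assumptions about what SDM generated on the 871W and must be checked against the running-config with "show zone-pair security".

```cisco
! Added example, not from the thread. Zone and zone-pair names are assumptions;
! confirm them with "show zone-pair security" before applying.
!
! 1. Static port forward: WAN interface :443 -> internal server 192.168.14.5:443
ip nat inside source static tcp 192.168.14.5 443 interface FastEthernet4 443
!
! 2. Match only the forwarded service. For outside-to-inside traffic the zone
!    policy sees the translated (inside) address, so the host is 192.168.14.5,
!    not the WAN address. Keeping the ACL to one host and one port is what
!    limits what the firewall lets in unsolicited.
ip access-list extended 161
 permit tcp any host 192.168.14.5 eq 443
!
class-map type inspect match-all out_to_in
 match access-group 161
!
! 3. Add the class to the existing outside-to-inside policy and inspect it.
!    The SDM-generated classes already in this policy-map are left unchanged.
!    class-default stays at drop, so nothing else gets in from outside.
policy-map type inspect sdm-pol-NATOutsideToInside-1
 class type inspect out_to_in
  inspect
 class class-default
  drop
!
! 4. The policy only takes effect once it is bound to the zone-pair for this
!    direction. No "ip access-group ... in" on FastEthernet4 is needed for this;
!    the zone policy does the filtering, which is why the interface ACL only
!    added an implicit deny on top of it.
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
 service-policy type inspect sdm-pol-NATOutsideToInside-1
!
! Verification after a client connects to the WAN address on 443:
! show policy-map type inspect zone-pair sdm-zp-NATOutsideToInside-1 sessions
! show ip nat translations | include 443
```

If the zone-pair name in your running-config differs, keep the existing zone-pair and only add the class to the policy-map it already references.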

Sorry for the delayed response.

This is now resolved. Adding the inspect statements did the trick.

Thanks for your help!

Chris
