Jin224
Beginner

Access List firewall issue

Having an issue with the ACL firewall for my Packet Tracer assignment where, despite my ACL configurations, attempts to reach or access my HQ devices from Branch through a site-to-site VPN have been explicitly denied by my ACL.

Meanwhile, the outside network is unable to access the HQ server's HTTP through DNS, despite the ACL allowing 443 to access it.

My intent for how the ACL should work is:

1) Inside HQ network can connect to the outside public internet

2) HTTPS can connect (inside) and can be requested (outside)

3) DNS can be called from the outside

4) HQ network can connect to Branch network

5) Deny remaining


These are the ACL configurations in the HQ router; they have not yet been implemented in the Branch router.


Extended IP access list ACL-1

10 permit tcp any 200.0.0.0 0.255.255.255 eq 443

20 permit tcp any host 10.0.0.2 eq 443

30 permit tcp any host 10.0.0.2 eq domain

40 permit udp any host 10.0.0.2 eq domain

50 permit ip 10.0.0.0 0.0.255.255 10.0.0.0 0.255.255.255 (59 match(es))

60 deny ip any any


Extended IP access list ACL-2

10 permit tcp any host 10.0.0.2 eq 443

20 permit tcp any host 10.0.0.2 eq domain

30 permit udp any host 10.0.0.2 eq domain

40 permit tcp any any eq 443 established


Note: AAA has been enabled, Admin1 is the user and Admin1_123 is the password
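Added example (not from the post or from Cisco): a small Python evaluator that applies ACL-1 exactly as listed above with Cisco first-match and wildcard-mask semantics, so each intended flow can be traced to the line it hits. The interface and direction the ACL is applied on are not modelled, and the Branch addressing (10.1.0.0/16 below) is an assumption, since the post does not give it.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")  # Cisco "any": every mask bit ignored

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: a 0 bit must match the base address, a 1 bit is ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a ^ b) & (~w & 0xFFFFFFFF) == 0

# Transcription of ACL-1 from the post:
# (seq, action, proto, (src, src_wildcard), (dst, dst_wildcard), dst_port)
# dst_port None means any port; proto "ip" matches both tcp and udp.
ACL_1 = [
    (10, "permit", "tcp", ANY, ("200.0.0.0", "0.255.255.255"), 443),
    (20, "permit", "tcp", ANY, ("10.0.0.2", "0.0.0.0"), 443),
    (30, "permit", "tcp", ANY, ("10.0.0.2", "0.0.0.0"), 53),   # eq domain
    (40, "permit", "udp", ANY, ("10.0.0.2", "0.0.0.0"), 53),   # eq domain
    (50, "permit", "ip", ("10.0.0.0", "0.0.255.255"), ("10.0.0.0", "0.255.255.255"), None),
    (60, "deny", "ip", ANY, ANY, None),
]

def evaluate(acl, proto, src, dst, dport):
    """Return (seq, action) of the first matching entry; no match is the implicit deny."""
    for seq, action, p, (sb, sw), (db, dw), port in acl:
        if p != "ip" and p != proto:
            continue
        if not wildcard_match(src, sb, sw) or not wildcard_match(dst, db, dw):
            continue
        if port is not None and port != dport:
            continue
        return seq, action
    return None, "deny"

if __name__ == "__main__":
    # Constructed sample flows; 10.1.1.5 is an assumed Branch host.
    for proto, src, dst, dport in [
        ("tcp", "10.0.5.5", "200.1.2.3", 443),    # HQ inside host to outside HTTPS
        ("udp", "203.0.113.9", "10.0.0.2", 53),   # outside DNS query to HQ server
        ("tcp", "10.0.5.5", "10.0.0.2", 80),      # HQ inside host to HQ server
        ("tcp", "10.1.1.5", "10.0.0.2", 80),      # assumed Branch host to HQ server
    ]:
        print(proto, src, dst, dport, "->", evaluate(ACL_1, proto, src, dst, dport))
```

The last flow lands on line 60 because the source wildcard 0.0.255.255 on line 50 only covers 10.0.0.0/16, so a 10.1.x.x source never reaches the permit even though the destination wildcard covers all of 10.0.0.0/8.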
