Having an issue with the ACL firewall for my Packet Tracer assignment: despite my ACL configurations, attempts to reach or access my HQ devices from Branch through a site-to-site VPN have been explicitly denied by my ACL.
Meanwhile, the outside network is unable to access the HQ server's HTTP through DNS, despite the ACL allowing 443 to access it.
My intent for how the ACL should work is:
1) Inside HQ network can connect to the outside public internet
2) HTTPS can connect (inside) and can be requested (outside)
3) DNS can be called from the outside
4) HQ network can connect to Branch network
5) Deny remaining
These are the ACL configurations on the HQ router; they have yet to be implemented on the Branch router.
Extended IP access list ACL-1
10 permit tcp any 220.127.116.11 0.255.255.255 eq 443
20 permit tcp any host 10.0.0.2 eq 443
30 permit tcp any host 10.0.0.2 eq domain
40 permit udp any host 10.0.0.2 eq domain
50 permit ip 10.0.0.0 0.0.255.255 10.0.0.0 0.255.255.255 (59 match(es))
60 deny ip any any
Extended IP access list ACL-2
10 permit tcp any host 10.0.0.2 eq 443
20 permit tcp any host 10.0.0.2 eq domain
30 permit udp any host 10.0.0.2 eq domain
40 permit tcp any any eq 443 established
Note: AAA has been enabled; Admin1 is the user and Admin1_123 is the password.
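The following is an added example, not part of the original post: a small first-match evaluator for the subset of Cisco extended ACL syntax the post uses (ip/tcp/udp, `any`, `host`, network plus wildcard mask, `eq PORT` on the destination, `established`). It replays ACL-1 and ACL-2 exactly as posted against constructed packets so the directionality of each line can be checked without a lab. The Branch subnet (10.1.0.0/16), the outside host (203.0.113.5) and the HQ host (10.0.0.10) are assumptions; the post only gives 10.0.0.0/16 for HQ and 10.0.0.2 for the server. Nothing here says which interface or direction each ACL is applied to, which the post also does not state.

```python
"""Toy first-match evaluator for Cisco-style extended ACL entries.
Added example; the ACL text below is copied from the post, the hosts are assumed."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

NAMED_PORTS = {"domain": 53, "www": 80, "https": 443}
ALL_ONES = 0xFFFFFFFF


def ip_int(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def in_range(ip: int, net: int, wildcard: int) -> bool:
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    mask = ~wildcard & ALL_ONES
    return (ip & mask) == (net & mask)


@dataclass
class Packet:
    proto: str            # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: int = 0        # destination port; source port is not modelled
    ack: bool = False     # ACK or RST set, which is what `established` keys on


@dataclass
class Ace:
    seq: int
    action: str
    proto: str
    src_net: int
    src_wild: int
    dst_net: int
    dst_wild: int
    dport: Optional[int]
    established: bool

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if not in_range(ip_int(pkt.src), self.src_net, self.src_wild):
            return False
        if not in_range(ip_int(pkt.dst), self.dst_net, self.dst_wild):
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.established and not (pkt.proto == "tcp" and pkt.ack):
            return False
        return True


def _addr(tokens: list) -> tuple:
    """Consume one address spec: any | host A.B.C.D | A.B.C.D WILDCARD."""
    tok = tokens.pop(0)
    if tok == "any":
        return 0, ALL_ONES
    if tok == "host":
        return ip_int(tokens.pop(0)), 0
    return ip_int(tok), ip_int(tokens.pop(0))


def parse_ace(line: str) -> Ace:
    # strip the "(59 match(es))" hit counters that `show access-lists` appends
    tokens = re.sub(r"\(\d+ match\(es\)\)", "", line).split()
    seq, action, proto = int(tokens.pop(0)), tokens.pop(0), tokens.pop(0)
    src_net, src_wild = _addr(tokens)
    dst_net, dst_wild = _addr(tokens)
    dport, established = None, False
    while tokens:
        tok = tokens.pop(0)
        if tok == "eq":
            port = tokens.pop(0)
            dport = NAMED_PORTS.get(port) or int(port)
        elif tok == "established":
            established = True
        else:
            raise ValueError(f"unsupported keyword {tok!r} in entry {seq}")
    return Ace(seq, action, proto, src_net, src_wild, dst_net, dst_wild, dport, established)


def parse_acl(text: str) -> list:
    return [parse_ace(line) for line in text.strip().splitlines()]


def evaluate(acl: list, pkt: Packet) -> tuple:
    """First matching entry wins; no match is the implicit `deny ip any any`."""
    for ace in acl:
        if ace.matches(pkt):
            return ace.action, ace.seq
    return "deny", None


# ACL-1 and ACL-2 exactly as shown in the post (ACL-2 has no explicit deny)
ACL_1 = parse_acl("""
10 permit tcp any 220.127.116.11 0.255.255.255 eq 443
20 permit tcp any host 10.0.0.2 eq 443
30 permit tcp any host 10.0.0.2 eq domain
40 permit udp any host 10.0.0.2 eq domain
50 permit ip 10.0.0.0 0.0.255.255 10.0.0.0 0.255.255.255 (59 match(es))
60 deny ip any any
""")
ACL_2 = parse_acl("""
10 permit tcp any host 10.0.0.2 eq 443
20 permit tcp any host 10.0.0.2 eq domain
30 permit udp any host 10.0.0.2 eq domain
40 permit tcp any any eq 443 established
""")

# Constructed hosts; Branch in 10.1.0.0/16 is an assumption, the post gives no Branch addressing
HQ_HOST, HQ_SERVER, BRANCH_HOST, OUTSIDE = "10.0.0.10", "10.0.0.2", "10.1.0.10", "203.0.113.5"


def site_to_site_verdicts() -> dict:
    """Entry 50 only matches packets *sourced* from 10.0.0.0/16, so it is one-directional."""
    return {
        "hq_to_branch": evaluate(ACL_1, Packet("tcp", HQ_HOST, BRANCH_HOST, 22)),
        "branch_to_hq": evaluate(ACL_1, Packet("tcp", BRANCH_HOST, HQ_HOST, 22)),
    }


if __name__ == "__main__":
    for name, verdict in site_to_site_verdicts().items():
        print(name, verdict)
    print("ACL-1 outside https", evaluate(ACL_1, Packet("tcp", OUTSIDE, HQ_SERVER, 443)))
    print("ACL-2 new outbound  ", evaluate(ACL_2, Packet("tcp", HQ_HOST, OUTSIDE, 443)))
    # return traffic from an outside https server arrives with an ephemeral destination port
    print("ACL-2 return traffic", evaluate(ACL_2, Packet("tcp", OUTSIDE, HQ_HOST, 50000, ack=True)))
```

Two things the replay makes visible: with the assumed Branch subnet, a Branch-sourced packet towards HQ falls through entry 50 (whose source is 10.0.0.0/16) and hits entry 60, while the HQ-sourced direction is permitted; and `eq 443 established` in ACL-2 matches ACK-bearing segments whose destination port is 443, so replies coming back from an outside HTTPS server (destination port ephemeral) do not match it and land on the implicit deny.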