Packet Tracer- Applying Extended ACL

Char71 · ‎06-23-2022

Hi Guys,

Last time I posted I got great help so I thought I would ask again. I am on the final part of my project and have created Extended ACL 150 - When I do show access-list, I can see:

Extended IP access list 150

10 deny tcp host 192.168.3.0 host 192.168.1.0 eq www

20 permit ip any any (109 match(es))

30 deny icmp 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255

40 deny icmp 192.168.3.0 0.0.0.255 10.0.0.0 0.255.255.255

I have tried applying it using:

R3(config)#interface Serial0/0/1

R3(config-if)#ip access-group 150 in

But cannot seem to prevent any HTTP/Ping Test from Comp 192.168.3.0 to Server 192.168.1.0

Any help would be greatly appreciated!

Georg Pauwen · ‎06-23-2022

Hello,

what are the usernames/passwords for the devices ?

Make sure the sequence of the statements in your ACL looks like this (the order is important):

deny tcp host 192.168.3.0 host 192.168.1.0 eq www
deny icmp 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
deny icmp 192.168.3.0 0.0.0.255 10.0.0.0 0.255.255.255
permit ip any any

Char71 · ‎06-23-2022

User: Admin1

Password: admin1pa55

Then when you get to: EN (enable)

Password:enable

Georg Pauwen · ‎06-23-2022

Hello,

this is what the access list should look like:

access-list 150 deny tcp host 192.168.3.3 host 192.168.1.3 eq www
access-list 150 deny icmp 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 150 deny icmp 192.168.3.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 150 permit ip any any

I have revised your config, file attached.