acl issue with vlan interface

sgalloway · ‎06-09-2011

Hi,

Trying to allow traffic from Outside into a particular internal vlan but for some reason the traffic is getting denied !!

I can see the hits of the specific rule in the firewall on the outside interface but after this no traffic get through the vlan interface.. I have setup acls in the past on a particular vlan to access the internet internally going to outside fine, but going from outside to inside is still a problem.

Below image is the vlan interface l wont to access from outside !! The access-group "145 in" is working to allow hosts within this vlan access outside and other vlans. While the "146 out" access-group was supposedly setup to allow external hosts to access machines within this 415 Vlan ?? But it is not working ?? Any ideas

This image below shows the acl's associated with this Vlan Interface , hopefully someone can pick out the possible problem with either access-group. The problem is external traffic allowed into this vlan.. E.g Host 59.167.197.131 cannot connect to host 172.16.44.22 on http from outside ??

cadet alain · ‎06-10-2011

Hi,

Do this:

- show access-list 145 then

-ip access-list extended 145

xx permit tcp host 172.16.44.21 eq www host 59.167.197.131 where xxx is the number of the line just before the line with the domain keyword + 1

Regards.

Alain.

Don't forget to rate helpful posts.

sgalloway · ‎06-14-2011

Thanks for the reply Alain, will give it a go and let you know if successful.