cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
632
Views
0
Helpful
3
Replies

ACLs not functioning (packet tracer file)

daniel_growth
Level 1
Level 1

Hi All,

I am using packet tracer and am simply trying to enable some standard ACL's on the switches.

I am wanting to follow the Deny all principle then permit what is necessary.

 

I wish for the following to communicate:

CORP Client - Internet Access

CORP Client - Server Range (172.16.25.1-7)

CORP Client - R&D LAN's (Both Zones)

R&D Zone (1-63) - Server Range (172.16.25.1-7)

R&D Zone (64-127) - Server Range (172.16.25.1-7)

R&D Zone (1-63) - CORP Client

R&D Zone (64-127) - CORP Client

 

It is important that the R&D Zone cannot communicate with the internet for obvious reasons.

 

network topology.PNG

The firewall interfaces are always off by default when first loading the PKT file. I don't know why Packet Tracer enforces this.

 

All passwords will be "cisco". (Firewall doesnt have password enabled)

 

If anyone can get this working and explain how i would greatly appreciate it. I have tried countless times and watched loads of videos.

Kind Regards,

Daniel

 

Kind Regards,
Daniel Growth
3 Replies 3

pieterh
VIP
VIP

I did not look at the pkt file yet but...

>>>I am wanting to follow the Deny all principle then permit what is necessary.<<<

that is the wrong order, rules are matched top to bottom, and the search for acl stops at the first match,
so if that is deny all, then nothing is forwarded.

you need to permit first, and last rule deny all.

 

 

Hi, I didn't apply a deny all to the packet tracer when trying.

Thanks though for explaining the flow of it

Kind Regards,
Daniel Growth

daniel_growth
Level 1
Level 1

Bump.

Kind Regards,
Daniel Growth
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: