04-14-2021 05:28 AM
Hi All,
I am using Packet Tracer and am simply trying to enable some standard ACLs on the switches.
I am wanting to follow the Deny all principle then permit what is necessary.
I wish for the following to communicate:
CORP Client - Internet Access
CORP Client - Server Range (172.16.25.1-7)
CORP Client - R&D LANs (Both Zones)
R&D Zone (1-63) - Server Range (172.16.25.1-7)
R&D Zone (64-127) - Server Range (172.16.25.1-7)
R&D Zone (1-63) - CORP Client
R&D Zone (64-127) - CORP Client
It is important that the R&D Zone cannot communicate with the internet for obvious reasons.
The firewall interfaces are always off by default when first loading the PKT file. I don't know why Packet Tracer enforces this.
All passwords will be "cisco". (Firewall doesn't have password enabled)
If anyone can get this working and explain how, I would greatly appreciate it. I have tried countless times and watched loads of videos.
Kind Regards,
Daniel
04-15-2021 04:57 AM
I did not look at the pkt file yet but...
>>>I am wanting to follow the Deny all principle then permit what is necessary.<<<
That is the wrong order: rules are matched top to bottom, and the search for ACL stops at the first match,
so if that is deny all, then nothing is forwarded.
You need to permit first, and last rule deny all.
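Added example, not part of the original posts: a small Python model of the first-match evaluation described in the reply above, for standard (source-only) ACLs with wildcard masks. The CORP and R&D subnets are assumed for illustration; only the server range 172.16.25.1-7 comes from the thread.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco-style wildcard mask: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def evaluate(acl, src):
    """Return (action, entry index) for the first entry matching src.

    Standard ACLs match on source address only. If no entry matches,
    the implicit 'deny any' at the end applies (index None).
    """
    for i, (action, base, wildcard) in enumerate(acl):
        if wildcard_match(src, base, wildcard):
            return action, i
    return "deny", None

ANY = ("0.0.0.0", "255.255.255.255")
CORP = ("192.168.10.0", "0.0.0.255")       # assumed subnet
RD_ZONE_A = ("192.168.20.0", "0.0.0.63")   # assumed subnet, hosts 1-63
RD_ZONE_B = ("192.168.20.64", "0.0.0.63")  # assumed subnet, hosts 64-127
SERVERS = ("172.16.25.0", "0.0.0.7")       # range from the thread (.1-.7)

# Deny-all written first: every packet stops at entry 0.
DENY_FIRST = [("deny", *ANY), ("permit", *CORP)]
# Towards the internet: CORP is permitted, R&D reaches the final deny.
TO_INTERNET = [("permit", *CORP), ("deny", *ANY)]
# Towards the servers: three permits, then only the implicit deny.
TO_SERVERS = [("permit", *CORP), ("permit", *RD_ZONE_A), ("permit", *RD_ZONE_B)]
# Towards R&D: sources allowed in are the servers and CORP clients.
TO_RD = [("permit", *SERVERS), ("permit", *CORP)]

if __name__ == "__main__":
    acls = {"DENY_FIRST": DENY_FIRST, "TO_INTERNET": TO_INTERNET,
            "TO_SERVERS": TO_SERVERS, "TO_RD": TO_RD}
    sources = ("192.168.10.5", "192.168.20.10", "192.168.20.70",
               "192.168.20.130", "172.16.25.3")
    for name, acl in acls.items():
        for src in sources:
            print(name, src, evaluate(acl, src))
```
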
04-15-2021 05:25 AM
Hi, I didn't apply a deny all to the Packet Tracer when trying.
Thanks though for explaining the flow of it.
04-18-2021 07:04 PM
Bump.