Help with ACL commands?

isaiahhavoc
Level 1

So I'm new to networking/working with ACLs and I'm trying to set up a network in packet tracer for practice for my class. I was wondering what the commands would be for the following policies I'm trying to implement just to confirm I got them right before I move on.
Policy 1: Allow PC 192.168.1.5 all access to 192.168.2.0 network.
Policy 2: Allow the whole 192.168.2.0 network access to 192.168.1.2 for HTTPS ONLY
Policy 3: Allow the whole 192.168.2.0 network access to 192.168.1.3 for FTP access ONLY
Policy 4: Allow ANYONE access to 192.168.1.4 for HTTP/HTTPS access.

The Corporate HQ LAN is 192.168.1.0/24 and the BranchOffice LAN is 192.168.2.0/24.
This is what my topology looks like:
as1.png

Thanks to everyone in advance


luis_cordova
VIP Alumni

Hi @isaiahhavoc ,

Try this ACL:

access-list 100 permit ip 192.168.2.0 0.0.0.255 host 192.168.1.5 (Policy 1)
access-list 100 permit tcp 192.168.2.0 0.0.0.255 host 192.168.1.2 eq 443 (Policy 2)
access-list 100 permit tcp 192.168.2.0 0.0.0.255 host 192.168.1.3 eq 20 (Policy 3)
access-list 100 permit tcp 192.168.2.0 0.0.0.255 host 192.168.1.3 eq 21 (Policy 3)
access-list 100 permit tcp 192.168.2.0 0.0.0.255 host 192.168.1.4 eq 80 (Policy 4)
access-list 100 permit tcp 192.168.2.0 0.0.0.255 host 192.168.1.4 eq 443 (Policy 4)

About policy 1, the block is made to the packets when they return to host 192.168.1.5.
About policy 4, I commented that host 192.168.1.5 is not included because it is inside the same network as the destination, so the packets will arrive, since it cannot be filtered within this same broadcast domain.

The ACL is made to be applied on the internal interface of the BranchOffice router, in the in direction.

ip access-group 100 in

Regards
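As an added check that is not part of the reply above, the following Python evaluator parses lines in this extended-ACL format (with the protocol keyword included) and runs constructed packets through them the way the router would inbound on the BranchOffice LAN interface, first match wins with the implicit deny at the end. It assumes contiguous wildcard masks and numeric ports only; the sample source 192.168.2.10 and the unlisted destination 192.168.1.9 are constructed.

```python
import ipaddress

# Constructed copy of the reply's ACL, with the protocol keyword each line needs.
ACL = """access-list 100 permit ip 192.168.2.0 0.0.0.255 host 192.168.1.5
access-list 100 permit tcp 192.168.2.0 0.0.0.255 host 192.168.1.2 eq 443
access-list 100 permit tcp 192.168.2.0 0.0.0.255 host 192.168.1.3 eq 20
access-list 100 permit tcp 192.168.2.0 0.0.0.255 host 192.168.1.3 eq 21
access-list 100 permit tcp 192.168.2.0 0.0.0.255 host 192.168.1.4 eq 80
access-list 100 permit tcp 192.168.2.0 0.0.0.255 host 192.168.1.4 eq 443"""

def _addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD' (contiguous wildcard only); return (network, rest)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    wildcard_bits = int(ipaddress.ip_address(tokens[1])).bit_length()  # 0.0.0.255 -> 8
    return ipaddress.ip_network(f"{tokens[0]}/{32 - wildcard_bits}", strict=False), tokens[2:]

def parse_acl(text):
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT]' lines (numeric ports only)."""
    rules = []
    for line in text.splitlines():
        t = line.split()
        action, proto = t[2], t[3]
        src, rest = _addr(t[4:])
        dst, rest = _addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(rules, proto, src, dst, dport=None):
    """First matching line wins; the implicit deny at the end catches everything else."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rproto, rsrc, rdst, rport in rules:
        if rproto in ("ip", proto) and s in rsrc and d in rdst and rport in (None, dport):
            return action
    return "deny"

RULES = parse_acl(ACL)

def check_policies():
    """Constructed packets as seen inbound on the BranchOffice LAN interface."""
    return {
        "p1_reply_to_pc": evaluate(RULES, "tcp", "192.168.2.10", "192.168.1.5", 50000),
        "p2_https": evaluate(RULES, "tcp", "192.168.2.10", "192.168.1.2", 443),
        "p2_http": evaluate(RULES, "tcp", "192.168.2.10", "192.168.1.2", 80),
        "p3_ftp": evaluate(RULES, "tcp", "192.168.2.10", "192.168.1.3", 21),
        "p4_https": evaluate(RULES, "tcp", "192.168.2.10", "192.168.1.4", 443),
        "unlisted_host": evaluate(RULES, "tcp", "192.168.2.10", "192.168.1.9", 443),
    }
```

Running check_policies() shows that HTTP to 192.168.1.2 and any traffic to a host not named in the list fall through to the implicit deny, which is the behaviour to confirm in Packet Tracer before moving on.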