Access Lists

[dvtestguy]

Need some help on ACL's....any ideas?

1. Allow ICMP ping from 10.115.28.x to 10.15.8.x
2. Deny all other traffic from 10.115.28.x to 10.15.8.x
3. All traffic to be allowed from 10.15.8.244 to 10.15.12.40 & 10.15.12.41.
4. Allow ports 80/443 to be allowed from 10.115.28.x to 10.15.12.40 & 10.15.12.41.

* 10.115.28.3-x PC's can only "initiate/register" contact to either 10.15.12.40/41 Proxys (inside/outside the friewall).
* 10.15.12.40/41 Proxy's then communicate to 10.15.8.244 server.
* 10.15.8.244 server then sends communication back down to the Proxy's.
* 10.15.12.40/41 Proxy's then communicate back down to the PC's.

10.15.8.244 Sever
|
|
-------------------------10.15.12.41 Proxy
|
|
Cisco 7204 ACL Firewall (10.115.28.1)
|
|
|
-----------------------10.115.28.20 (10.15.12.40 NAT) Proxy
| | |
10.115.28.3 10.115.28.4 10.115.28.5


See config below...

int for 7204
interface FastEthernet0/0
ip address 10.115.28.1 255.255.255.0
ip access-group 102 in
ip access-group 103 out
ip nat outside


access-list 102 permit icmp 10.115.28.0 0.0.0.255 10.15.8.0 0.0.0.255 echo
access-list 102 permit tcp host 10.115.28.20 host 10.15.8.244 established
access-list 102 permit udp host 10.115.28.20 host 10.15.8.244 gt 1023
access-list 102 permit icmp host 10.115.28.20 host 10.15.8.244 echo-reply
access-list 102 permit icmp host 10.115.28.20 host 10.15.8.244 echo-reply time-exceeded


access-list 103 permit icmp 10.15.8.0 0.0.0.255 10.115.28.0 0.0.0.255 echo-reply
access-list 103 permit ip host 10.15.8.244 host 10.115.28.20