ACL Help...

dvtestguy (Technical User, joined Dec 8, 2005, 109 messages, US)

Trying to set up firewall ACLs to let IPs 10.115.28.x ping 10.15.8.244, but they should not be able to communicate in any other way with 10.15.8.x...but 10.15.8.244 should talk to 10.115.28.20

Any ideas?

Config below...

Server 10.15.8.244 <-> C7204 Firewall ACLs (f0/0 10.115.28.1) <-> Proxy Server (10.115.28.20) <-> 10.115.28.3 and 10.115.28.4 PCs.

See config below...

7204
interface FastEthernet0/0
 ip address 10.115.28.1 255.255.255.0
 ip access-group 102 in
 ip access-group 103 out
 ip nat outside


access-list 102 permit tcp host 10.15.12.40 host 10.115.28.20 eq www

access-list 102 permit tcp host 10.115.28.3 10.15.0.0 0.0.255.255 eq www
access-list 102 permit tcp host 10.115.28.3 10.15.0.0 0.0.255.255 eq 443
access-list 102 permit tcp host 10.115.28.3 10.115.0.0 0.0.255.255 eq www
access-list 102 permit tcp host 10.115.28.3 10.115.0.0 0.0.255.255 eq 443

access-list 102 permit tcp host 10.115.28.4 10.15.0.0 0.0.255.255 eq www
access-list 102 permit tcp host 10.115.28.4 10.15.0.0 0.0.255.255 eq 443
access-list 102 permit tcp host 10.115.28.4 10.115.0.0 0.0.255.255 eq www
access-list 102 permit tcp host 10.115.28.4 10.115.0.0 0.0.255.255 eq 443

access-list 102 permit icmp 10.0.0.0 0.255.255.255 any
access-list 102 permit tcp any 10.0.0.0 0.255.255.255 established


access-list 103 permit icmp 10.0.0.0 0.255.255.255 any
! source was written as "10.115.28.20 255.255.255.255"; an all-ones wildcard matches any source, so the intended single host is written with "host"
access-list 103 permit tcp host 10.115.28.20 host 10.15.8.240 eq 80
access-list 103 permit tcp host 10.115.28.3 host 10.115.28.20 eq 80
access-list 103 permit tcp host 10.115.28.4 host 10.115.28.20 eq 80

access-list 103 permit tcp host 10.115.28.20 host 10.115.28.3 established
access-list 103 permit tcp host 10.115.28.20 host 10.115.28.4 established

access-list 103 permit tcp any 10.0.0.0 0.255.255.255 established
 
I believe that you need to add the following:

access-list 103 permit icmp any any echo
access-list 103 permit icmp any any echo-reply
access-list 103 permit icmp any any source-quench
access-list 103 permit icmp any any packet-too-big
access-list 103 permit icmp any any time-exceeded
access-list 103 deny icmp any any

Good luck
 
<EDIT>

You should actually replace 'any any' with 10.115.28.x 10.15.8.244.
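An added example, not from this thread or from Cisco: a small Python evaluator that applies IOS wildcard-mask and first-match semantics to access-list lines, so the effect of entries like the ones above can be checked before they go on the 7204. The sample input is constructed from three of the posted ACL 102 entries plus the reply's ICMP entries for ACL 103, reading its EDIT's "10.115.28.x 10.15.8.244" as "10.115.28.0 0.0.0.255 host 10.15.8.244" (an assumption); the function names are the example's own.

```python
import ipaddress
import re

_ip = lambda s: int(ipaddress.IPv4Address(s))
_ADDR = r"(any|host \S+|\S+ \S+)"
_RULE = re.compile(rf"(?m)^access-list (\d+) (permit|deny) (\w+) {_ADDR} {_ADDR}(.*)$")

def _addr(spec):
    """'any', 'host X' or 'X WILDCARD' -> (network, wildcard); wildcard 1-bits are don't-care."""
    a, _, b = spec.partition(" ")
    if a == "any":
        return 0, 0xFFFFFFFF
    return (_ip(b), 0) if a == "host" else (_ip(a), _ip(b))

def parse_acl(text):
    """Group numbered 'access-list N ...' entries by N, preserving order (IOS matches top-down)."""
    acl = {}
    for num, action, proto, src, dst, rest in _RULE.findall(text):
        q = rest.split()  # qualifiers: 'eq PORT', 'established', or an ICMP type such as 'echo'
        port = q[q.index("eq") + 1] if "eq" in q else None
        acl.setdefault(num, []).append({
            "action": action, "proto": proto, "src": _addr(src), "dst": _addr(dst),
            "port": None if port is None else (80 if port == "www" else int(port)),
            "established": "established" in q,
            "icmp_type": q[0] if proto == "icmp" and q else None})
    return acl

_in = lambda ip, spec: (ip | spec[1]) == (spec[0] | spec[1])  # only bits with wildcard 0 must agree

def evaluate(rules, proto, src, dst, port=None, established=False, icmp_type=None):
    """First matching entry decides; an IOS ACL ends with an implicit 'deny ip any any'."""
    s, d = _ip(src), _ip(dst)
    for r in rules:
        if (r["proto"] in (proto, "ip") and _in(s, r["src"]) and _in(d, r["dst"])
                and r["port"] in (None, port) and r["icmp_type"] in (None, icmp_type)
                and (established or not r["established"])):
            return r["action"]
    return "deny"

# Constructed sample: three of the posted ACL 102 entries (inbound on f0/0) plus the reply's ICMP
# entries for ACL 103, narrowed to 10.115.28.0/24 -> 10.15.8.244 as its EDIT suggests.
SAMPLE = """
access-list 102 permit tcp host 10.115.28.3 10.15.0.0 0.0.255.255 eq www
access-list 102 permit icmp 10.0.0.0 0.255.255.255 any
access-list 102 permit tcp any 10.0.0.0 0.255.255.255 established
access-list 103 permit icmp 10.115.28.0 0.0.0.255 host 10.15.8.244 echo
access-list 103 permit icmp 10.115.28.0 0.0.0.255 host 10.15.8.244 echo-reply
access-list 103 deny icmp any any
"""
ACL = parse_acl(SAMPLE)
```

Note that the posted "permit icmp 10.0.0.0 0.255.255.255 any" entry admits every ICMP type from any 10.x.x.x source, which is wider than the ping-only requirement stated in the question.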
 