I created a new ACL for a separate VLAN (called VLAN 28).
In this ACL I'm doing the following (see below):
ip access-list extended public-list
deny ip 127.0.0.0 0.255.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
permit udp any host 255.255.255.255 eq bootpc
permit udp any host 255.255.255.255 eq bootps
permit igmp 10.21.28.0 0.0.1.255 any
deny ip 10.21.28.0 0.0.1.255 host 204.15.20.25 time-range Internetsites_(Block/allow)
permit ip 10.21.28.0 0.0.1.255 10.10.0.0 0.0.3.255
deny ip 10.21.28.0 0.0.1.255 10.0.0.0 0.255.255.255
permit ip 10.21.28.0 0.0.1.255 any
deny ip any any log
I'm not trying to connect to machines via PCAnywhere and manage the machines via Administrator system center via Symantec Corp Ed. software.
I know there is a line here in the ACL which is not allowing me to access this subnet. The question is, what am I missing... I figured it was permit ip any any, but that did not do it (and I put it right before deny ip any any log).
What am I doing wrong? Just so you know, the goal is to use the timed ACL line and to deny all NAT-related IP address schemes.
thanks
-Brett
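An added example, not part of the original post: a small first-match evaluator run over the ACL as posted, to show which entry decides a given packet. The function names and the test addresses are constructed for illustration; the time-range entry is assumed to be active and the `log` keyword is ignored.

```python
import ipaddress

# Entries copied from the post, in order. Sketch assumptions: the time-range
# entry is treated as active, and the "log" keyword is ignored.
ACL = [
    "deny ip 127.0.0.0 0.255.255.255 any",
    "deny ip 192.168.0.0 0.0.255.255 any",
    "deny ip 172.16.0.0 0.15.255.255 any",
    "permit udp any host 255.255.255.255 eq bootpc",
    "permit udp any host 255.255.255.255 eq bootps",
    "permit igmp 10.21.28.0 0.0.1.255 any",
    "deny ip 10.21.28.0 0.0.1.255 host 204.15.20.25 time-range Internetsites_(Block/allow)",
    "permit ip 10.21.28.0 0.0.1.255 10.10.0.0 0.0.3.255",
    "deny ip 10.21.28.0 0.0.1.255 10.0.0.0 0.255.255.255",
    "permit ip 10.21.28.0 0.0.1.255 any",
    "deny ip any any log",
]
PORTS = {"bootps": 67, "bootpc": 68}  # the only port names this ACL uses
_ip = lambda a: int(ipaddress.IPv4Address(a))

def _addr(tok):
    """Consume one address spec from the token list -> (base, wildcard)."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tok.pop(0)), 0
    return _ip(first), _ip(tok.pop(0))

def _hit(ip, spec):
    """Wildcard compare: bits set in the wildcard mask are 'don't care'."""
    base, wild = spec
    return (_ip(ip) ^ base) & ~wild & 0xFFFFFFFF == 0

def first_match(src, dst, proto="tcp", dport=None):
    """Return (action, entry_number, entry_text) of the first matching entry."""
    for n, line in enumerate(ACL, 1):
        tok = line.split()
        action, acl_proto = tok.pop(0), tok.pop(0)
        s, d = _addr(tok), _addr(tok)
        port = PORTS[tok[1]] if tok[:1] == ["eq"] else None  # destination port
        if acl_proto not in ("ip", proto) or (port is not None and port != dport):
            continue
        if _hit(src, s) and _hit(dst, d):
            return action, n, line
    return "deny", None, "implicit deny"

if __name__ == "__main__":
    # Constructed test packets: VLAN 28 host outbound, then the reverse direction.
    for src, dst in [("10.21.28.5", "10.10.1.20"), ("10.10.1.20", "10.21.28.5")]:
        print(src, "->", dst, first_match(src, dst))
```

Evaluation stops at the first matching entry, so a packet whose source is outside 10.21.28.0 0.0.1.255 skips every VLAN 28 entry and is decided by the final `deny ip any any log`.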