ACL 102 in seems to work, ACL 103 out does not?
PC's w/IP's 10.15.12.28-30 and 10.115.28.14 do not respond as soon as I enable ACL in 103.
Server 10.15.8.244 -- C7513 (NAT 10.115.28.20 10.15.12.40 outside) -- C7204 10.115.28.1 -- Proxy 10.115.28.20 10.15.12.40 -- PC's 10.15.12.28-30 & 10.115.28.14
C7204
interface FastEthernet0/0
ip address 10.115.28.1 255.255.255.0
ip access-group 102 in
ip access-group 103 out
access-list 102 permit tcp host 10.15.8.244 host 10.115.28.20 eq www
access-list 102 permit tcp 10.15.0.0 0.0.255.255 host 10.15.12.28 eq www
access-list 102 permit tcp 10.15.0.0 0.0.255.255 host 10.15.12.28 eq 443
access-list 102 permit tcp 10.15.0.0 0.0.255.255 host 10.15.12.29 eq www
access-list 102 permit tcp 10.15.0.0 0.0.255.255 host 10.15.12.29 eq 443
access-list 102 permit tcp 10.15.0.0 0.0.255.255 host 10.15.12.30 eq www
access-list 102 permit tcp 10.15.0.0 0.0.255.255 host 10.15.12.30 eq 443
access-list 102 permit tcp 10.15.0.0 0.0.255.255 host 10.115.28.14 eq www
access-list 102 permit tcp 10.15.0.0 0.0.255.255 host 10.115.28.14 eq 443
access-list 102 permit icmp 10.0.0.0 0.255.255.255 any
access-list 102 permit tcp any 10.0.0.0 0.255.255.255 established
access-list 102 permit udp any any eq bootpc
access-list 102 permit udp any any eq bootps
access-list 102 deny ip any any
access-list 103 permit udp host 10.10.1.10 eq ntp any
access-list 103 permit udp host a.b.c.d eq domain any
access-list 103 permit icmp 10.0.0.0 0.255.255.255 any
access-list 103 permit tcp host 10.15.8.244 host 10.115.28.20 eq telnet
access-list 103 permit tcp host 10.15.8.244 host 10.115.28.20 eq ftp
access-list 103 permit tcp host 10.15.8.244 host 10.115.28.20 gt 1023
access-list 103 permit tcp host 10.15.8.244 host 10.115.28.20 eq ftp-data
access-list 103 permit tcp 10.115.28.20 255.255.255.255 host 10.15.8.244 eq 80
access-list 103 permit tcp any 10.0.0.0 0.255.255.255 established
access-list 103 deny ip any any
C7204 Traceroute
7204Router#traceroute 10.15.12.28
Type escape sequence to abort.
Tracing the route to 10.15.12.28
1 10.115.42.1 0 msec 0 msec 4 msec
2 10.15.12.28 4 msec 4 msec 4 msec
7204Router#traceroute 10.15.12.29
Type escape sequence to abort.
Tracing the route to 10.15.12.29
1 10.115.42.1 0 msec 0 msec 4 msec
2 10.15.12.29 4 msec 0 msec 4 msec
7204Router#traceroute 10.15.12.30
Type escape sequence to abort.
Tracing the route to 10.15.12.30
1 10.115.42.1 0 msec 0 msec 4 msec
2 10.15.12.30 4 msec 0 msec 4 msec
7204Router#traceroute 10.15.8.244
Type escape sequence to abort.
Tracing the route to 10.15.8.244
1 10.115.42.1 0 msec 4 msec 4 msec
2 10.15.12.1 4 msec 4 msec 4 msec
3 10.15.8.244 4 msec 0 msec 4 msec
7204Router#traceroute 10.15.12.150
Type escape sequence to abort.
Tracing the route to 10.15.12.150
1 10.115.42.1 0 msec * 0 msec
7204Router#
Am I missing an ACL 103 statement for the 10.115.42.1 net or ???
Thanks
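
Added example (not part of the original post, and not Cisco code): a small Python first-match evaluator loaded with ACL 103 as posted, so constructed test packets can be checked against it line by line. The "host a.b.c.d" DNS line is left out because its address is redacted on the page; the function names and the sample packets are assumptions made for illustration.

```python
import ipaddress

PORTS = {"ntp": 123, "domain": 53, "telnet": 23, "ftp": 21, "ftp-data": 20, "www": 80}
# ACL 103 as posted; the redacted "host a.b.c.d ... domain" line is omitted.
ACL_103 = """\
permit udp host 10.10.1.10 eq ntp any
permit icmp 10.0.0.0 0.255.255.255 any
permit tcp host 10.15.8.244 host 10.115.28.20 eq telnet
permit tcp host 10.15.8.244 host 10.115.28.20 eq ftp
permit tcp host 10.15.8.244 host 10.115.28.20 gt 1023
permit tcp host 10.15.8.244 host 10.115.28.20 eq ftp-data
permit tcp 10.115.28.20 255.255.255.255 host 10.15.8.244 eq 80
permit tcp any 10.0.0.0 0.255.255.255 established
deny ip any any"""

def ip(s):
    return int(ipaddress.IPv4Address(s))

def take_addr(tok):  # 'any' | 'host A' | 'A WILDCARD' -> (base, wildcard)
    t = tok.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF
    return (ip(tok.pop(0)), 0) if t == "host" else (ip(t), ip(tok.pop(0)))

def take_port(tok):  # optional 'eq P' / 'gt P' -> (op, port) or None
    if not (tok and tok[0] in ("eq", "gt")):
        return None
    op, p = tok.pop(0), tok.pop(0)
    return op, PORTS.get(p) or int(p)

def parse(line):
    tok = line.split()
    action, proto = tok.pop(0), tok.pop(0)
    src, sport, dst, dport = take_addr(tok), take_port(tok), take_addr(tok), take_port(tok)
    return action, proto, src, sport, dst, dport, "established" in tok

def addr_ok(spec, addr):  # wildcard bits set to 1 are "don't care"
    return ((ip(addr) ^ spec[0]) & ~spec[1] & 0xFFFFFFFF) == 0

def port_ok(test, port):  # test is None, ("eq", n) or ("gt", n)
    return test is None or (port == test[1] if test[0] == "eq" else port > test[1])

def first_match(acl, proto, src, dst, sport=0, dport=0, flags=""):  # top-down, first hit wins
    for line in acl.splitlines():
        action, rproto, rsrc, rsport, rdst, rdport, est = parse(line)
        if (rproto in ("ip", proto) and addr_ok(rsrc, src) and addr_ok(rdst, dst)
                and port_ok(rsport, sport) and port_ok(rdport, dport)
                and (not est or set(flags) & {"A", "R"})):
            return action, line
    return "deny", "(implicit deny)"
```

With these constructed packets, first_match(ACL_103, "tcp", "10.15.8.244", "10.15.12.28", 40000, 80, "S") falls through to "deny ip any any", while the same flow with the ACK flag set is permitted by the "established" line. A TCP SYN from any source to 10.15.8.244 port 80 is permitted by the line written with 255.255.255.255, because IOS reads that field as a wildcard mask.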