Packet Tracer CCNA Skills Integration challenge access lists

paulc1976 Member Posts: 1
I've attempted the final Packet Tracer lab in the CCNA course material (Accessing the WAN, end of chapter 8).
I'm using the latest 5.2 version of Packet Tracer.
It's currently showing 97% complete.

The only things that need to complete are the access lists and the VTP domain names. I have correctly configured the VTP but it is showing as wrong on PT, so that must be a bug, as I have verified with show vtp status on all switches and it matches the name in the specs.

As for the access lists, it requires an extended named ACL called FIREWALL on HQ router, placed inbound on S0/1/0 on the serial router.

This is what the spec asks for:

Step 2. Implement a basic firewall ACL.

Because ISP represents connectivity to the Internet, configure a named ACL called FIREWALL in the following order:
  1. Allow inbound HTTP requests to the xyzcorp.com server.
  2. Allow only established TCP sessions from ISP and any source beyond ISP.
  3. Allow only inbound ping replies from ISP and any source beyond ISP.
  4. Explicitly block all other inbound access from ISP and any source beyond ISP.

It's a bit vague on requirements; it really doesn't give you much to go on.

This is my config:

Extended IP access list FIREWALL
permit tcp any host 10.0.1.2 eq www
permit tcp any any established
permit icmp any any echo-reply
deny ip any any

10.0.1.2 is the web server address. The ACL is applied inbound on HQ router. The marking is displaying 2/3 but won't tell you which statement is incorrect. If there's anyone on here who has completed this lab and could give me advice I'd be very grateful.

Many thanks,

Paul

Comments

  • Xenz Member Posts: 140
    I believe I got this far on the activity too, but I think I was wrong in one of the ACL statements if I remember. Look into the statement:

    permit tcp any host 10.0.1.2 eq www

    If I remember right, the web server had a static IP mapped to it. It should probably be:

    permit tcp any host PUBLIC_IP eq www

    Requests to 10.X.X.X from the WAN wouldn't look right, no?
    Currently working on:
    CCNP, 70-620 Vista 70-290 Server 2003
    Packet Tracer activities and ramblings on my blog:
    http://www.sbntech.info
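
The point raised in the reply, as an added example that is not part of the original thread: a simplified first-match model of the FIREWALL ACL, run against constructed packets as they arrive on the outside interface, where an inbound ACL is checked before NAT rewrites the destination. It assumes the web server is reached through a static NAT mapping, as the reply recalls; `203.0.113.10` is a constructed placeholder for `PUBLIC_IP`, and the `Packet` class and helper functions are hypothetical names.

```python
from dataclasses import dataclass

PORTS = {"www": 80}
PUBLIC_IP = "203.0.113.10"  # constructed placeholder; the thread never gives the real address
POSTED = ["permit tcp any host 10.0.1.2 eq www", "permit tcp any any established",
          "permit icmp any any echo-reply", "deny ip any any"]
FIXED = [f"permit tcp any host {PUBLIC_IP} eq www"] + POSTED[1:]

@dataclass
class Packet:  # only the fields this ACL inspects; the source is always "any"
    proto: str
    dst: str
    dport: int = 0
    flags: tuple = ()
    icmp_type: str = ""

def parse(line):
    """Split one ACE into (action, protocol, destination, option)."""
    t = line.split()
    if t[3] == "host":
        dst, rest = t[4], t[5:]
    else:
        dst, rest = "any", t[4:]
    return t[0], t[1], dst, " ".join(rest)

def matches(ace, p):
    _, proto, dst, opt = ace
    if proto not in ("ip", p.proto) or dst not in ("any", p.dst):
        return False
    if opt == "established":        # true only when ACK or RST is set
        return "ACK" in p.flags or "RST" in p.flags
    if opt.startswith("eq "):
        return p.dport == PORTS[opt[3:]]
    if opt:                         # ICMP message name, e.g. echo-reply
        return p.icmp_type == opt
    return True

def evaluate(acl, p):
    """Return (action, matching line) for the first ACE that matches."""
    for line in acl:
        ace = parse(line)
        if matches(ace, p):
            return ace[0], line
    return "deny", "(implicit deny)"

if __name__ == "__main__":
    samples = {"HTTP SYN to public IP": Packet("tcp", PUBLIC_IP, 80, ("SYN",)),
               "TCP return traffic": Packet("tcp", PUBLIC_IP, 51000, ("ACK",)),
               "ping reply": Packet("icmp", PUBLIC_IP, icmp_type="echo-reply"),
               "ping request": Packet("icmp", PUBLIC_IP, icmp_type="echo")}
    for name, p in samples.items():
        print(f"{name:24} posted={evaluate(POSTED, p)[0]:7} fixed={evaluate(FIXED, p)[0]}")
```

With the ACL as posted, a new HTTP connection addressed to the public IP falls through to `deny ip any any`, because a SYN is not an established segment; the other three entries behave the same in both versions.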