Ticket 5 – R1 ACL
Client is not able to ping the server. no one can ping the server.
Problem:on R1 acl blocking ip
Configuration on R1
description Link to ISP
ip address 220.127.116.11 255.255.255.252
ip nat outside
ip access-group edge_security in
ip access-list extended edge_security
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny 127.0.0.0 0.255.255.255 any
permit ip host 18.104.22.168 any
Answer: add permit ip 22.214.171.124 0.0.0.3 any command to R1’s ACL
Ans2) IPv4 Layer 3 Security
Ans3) Under the ip access-list extended edge-security configuration add the permit ip 126.96.36.199 0.0.0.3 any command
+ This is the only ticket the extended access-list edge_security exists. In other tickets, the access-list 30 is applied to the inbound direction of S0/0/1 of R1.
+ Although host 188.8.131.52 is permitted to go through the access-list (permit ip host 184.108.40.206 any) but R1 cannot ping the web server because R1 cannot establish BGP session with neighbor 220.127.116.11.