Monday, July 6, 2020

ACL Question

Hi,

I would appreciate help in understanding why this ACL against my Server range is not permitting DNS traffic back to our client computers.

DNS Server 192.168.10.5, subnet /24

Client example 192.168.14.5, subnet /23

Config of the ACL.

permit tcp 192.168.10.5 0.0.0.255 0.0.0.0 255.255.255.255 eq 53
permit udp 192.168.10.5 0.0.0.255 0.0.0.0 255.255.255.255 eq 53
permit udp 192.168.10.5 0.0.0.255 0.0.0.0 255.255.255.255 eq 67
permit udp 192.168.10.5 0.0.0.255 0.0.0.0 255.255.255.255 eq 68
permit tcp 192.168.10.5 0.0.0.255 0.0.0.0 255.255.255.255 eq 88
permit udp 192.168.10.5 0.0.0.255 0.0.0.0 255.255.255.255 eq 88
permit udp 192.168.10.5 0.0.0.255 0.0.0.0 255.255.255.255 eq 123
permit tcp 192.168.10.5 0.0.0.255 0.0.0.0 255.255.255.255 eq 123
permit udp 192.168.10.5 0.0.0.255 0.0.0.0 255.255.255.255 eq 135
permit udp 192.168.10.5 0.0.0.255 0.0.0.0 255.255.255.255 eq 137
permit udp 192.168.10.5 0.0.0.255 0.0.0.0 255.255.255.255 eq 138
permit tcp 192.168.10.5 0.0.0.255 0.0.0.0 255.255.255.255 eq 139
permit tcp 192.168.10.5 0.0.0.255 0.0.0.0 255.255.255.255 eq 389
permit udp 192.168.10.5 0.0.0.255 0.0.0.0 255.255.255.255 eq 389
permit tcp 192.168.10.5 0.0.0.255 0.0.0.0 255.255.255.255 eq 445
permit udp 192.168.10.5 0.0.0.255 0.0.0.0 255.255.255.255 eq 445
permit tcp 192.168.10.5 0.0.0.255 0.0.0.0 255.255.255.255 eq 464
permit udp 192.168.10.5 0.0.0.255 0.0.0.0 255.255.255.255 eq 464
permit udp 192.168.10.5 0.0.0.255 0.0.0.0 255.255.255.255 eq 500
permit tcp 192.168.10.5 0.0.0.255 0.0.0.0 255.255.255.255 eq 636
permit udp 192.168.10.5 0.0.0.255 0.0.0.0 255.255.255.255 eq 636
permit tcp 192.168.10.5 0.0.0.255 0.0.0.0 255.255.255.255 eq 3268
permit udp 192.168.10.5 0.0.0.255 0.0.0.0 255.255.255.255 eq 3268
permit tcp 192.168.10.5 0.0.0.255 0.0.0.0 255.255.255.255 eq 3269
permit udp 192.168.10.5 0.0.0.255 0.0.0.0 255.255.255.255 eq 3269
permit tcp 192.168.10.5 0.0.0.255 0.0.0.0 255.255.255.255 eq 9389
permit tcp 192.168.10.5 0.0.0.255 0.0.0.0 255.255.255.255 range 49152 65535
permit tcp 192.168.10.16 0.0.0.255 0.0.0.0 255.255.255.255 eq 53
permit udp 192.168.10.16 0.0.0.255 0.0.0.0 255.255.255.255 eq 53
permit udp 192.168.10.16 0.0.0.255 0.0.0.0 255.255.255.255 eq 67
permit udp 192.168.10.16 0.0.0.255 0.0.0.0 255.255.255.255 eq 68
permit tcp 192.168.10.16 0.0.0.255 0.0.0.0 255.255.255.255 eq 88
permit udp 192.168.10.16 0.0.0.255 0.0.0.0 255.255.255.255 eq 88
permit udp 192.168.10.16 0.0.0.255 0.0.0.0 255.255.255.255 eq 123
permit tcp 192.168.10.16 0.0.0.255 0.0.0.0 255.255.255.255 eq 123
permit udp 192.168.10.16 0.0.0.255 0.0.0.0 255.255.255.255 eq 135
permit udp 192.168.10.16 0.0.0.255 0.0.0.0 255.255.255.255 eq 137
permit udp 192.168.10.16 0.0.0.255 0.0.0.0 255.255.255.255 eq 138
permit tcp 192.168.10.16 0.0.0.255 0.0.0.0 255.255.255.255 eq 139
permit tcp 192.168.10.16 0.0.0.255 0.0.0.0 255.255.255.255 eq 389
permit udp 192.168.10.16 0.0.0.255 0.0.0.0 255.255.255.255 eq 389
permit tcp 192.168.10.16 0.0.0.255 0.0.0.0 255.255.255.255 eq 445
permit udp 192.168.10.16 0.0.0.255 0.0.0.0 255.255.255.255 eq 445
permit tcp 192.168.10.16 0.0.0.255 0.0.0.0 255.255.255.255 eq 464
permit udp 192.168.10.16 0.0.0.255 0.0.0.0 255.255.255.255 eq 464
permit udp 192.168.10.16 0.0.0.255 0.0.0.0 255.255.255.255 eq 500
permit tcp 192.168.10.16 0.0.0.255 0.0.0.0 255.255.255.255 eq 636
permit udp 192.168.10.16 0.0.0.255 0.0.0.0 255.255.255.255 eq 636
permit tcp 192.168.10.16 0.0.0.255 0.0.0.0 255.255.255.255 eq 3268
permit udp 192.168.10.16 0.0.0.255 0.0.0.0 255.255.255.255 eq 3268
permit tcp 192.168.10.16 0.0.0.255 0.0.0.0 255.255.255.255 eq 3269
permit udp 192.168.10.16 0.0.0.255 0.0.0.0 255.255.255.255 eq 3269
permit tcp 192.168.10.16 0.0.0.255 0.0.0.0 255.255.255.255 eq 9389
permit tcp 192.168.10.16 0.0.0.255 0.0.0.0 255.255.255.255 range 49152 65535
remark Deny Rules
deny ip 192.168.10.0 0.0.0.255 192.168.14.0 0.0.1.255
deny ip 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255
deny ip 192.168.10.0 0.0.0.255 192.168.35.0 0.0.0.255
deny ip 192.168.10.0 0.0.0.255 192.168.42.0 0.0.0.255
deny ip 192.168.10.0 0.0.0.255 192.168.51.0 0.0.0.255
remark allow anything not denied
permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
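Editor's added example (not part of the original post, and not IOS code): in a Cisco extended ACE the port operator placed after the destination address and wildcard matches the destination port, so `... 0.0.0.0 255.255.255.255 eq 53` only matches traffic sent *to* port 53. A DNS answer leaving the server carries source port 53 and the client's ephemeral port as destination, so none of the `eq 53` entries match it and it falls through to `deny ip 192.168.10.0 0.0.0.255 192.168.14.0 0.0.1.255`. The small evaluator below parses ACL lines in the posted syntax and checks a constructed DNS reply (server 192.168.10.5:53 to client 192.168.14.5:51234; the ephemeral port is made up) against the posted entries and against a corrected entry that puts `eq 53` in the source-port position. The `Packet`, `parse_ace` and `evaluate` names and the corrected entry are the example's own assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed evaluator for Cisco-style extended ACL lines of the form
#   permit|deny <proto> <src> <wc> [eq N | range A B] <dst> <wc> [eq N | range A B]
# plus the "any" and "host" shorthands. First match wins; implicit deny at the end.


@dataclass
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


def _ip(s):
    return int(ipaddress.IPv4Address(s))


def match_addr(addr, wildcard, pkt_addr):
    """Cisco wildcard: 1 bits are 'don't care'. 192.168.10.5 with 0.0.0.255
    therefore matches all of 192.168.10.0/24; the .5 host bits are ignored."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(pkt_addr) & care)


def _parse_addr(tokens, i):
    """Consume an address spec at tokens[i]; return (addr, wildcard, next_i)."""
    if tokens[i] == "any":
        return "0.0.0.0", "255.255.255.255", i + 1
    if tokens[i] == "host":
        return tokens[i + 1], "0.0.0.0", i + 2
    return tokens[i], tokens[i + 1], i + 2


def _parse_port(tokens, i):
    """Consume an optional port operator; return ((lo, hi) or None, next_i)."""
    if i < len(tokens) and tokens[i] == "eq":
        p = int(tokens[i + 1])
        return (p, p), i + 2
    if i < len(tokens) and tokens[i] == "range":
        return (int(tokens[i + 1]), int(tokens[i + 2])), i + 3
    return None, i


def parse_ace(line):
    tokens = line.split()
    if not tokens or tokens[0] == "remark":
        return None
    action, proto = tokens[0], tokens[1]
    src, swc, i = _parse_addr(tokens, 2)
    sport, i = _parse_port(tokens, i)      # operator here = source port
    dst, dwc, i = _parse_addr(tokens, i)
    dport, i = _parse_port(tokens, i)      # operator here = destination port
    return action, proto, src, swc, sport, dst, dwc, dport


def _port_ok(rng, port):
    return rng is None or rng[0] <= port <= rng[1]


def evaluate(acl_text, pkt):
    """Return (action, matching line) for the first ACE that matches pkt."""
    for line in acl_text.strip().splitlines():
        ace = parse_ace(line.strip())
        if ace is None:
            continue
        action, proto, src, swc, sport, dst, dwc, dport = ace
        if proto != "ip" and proto != pkt.proto:
            continue
        if not (match_addr(src, swc, pkt.src) and match_addr(dst, dwc, pkt.dst)):
            continue
        if not (_port_ok(sport, pkt.sport) and _port_ok(dport, pkt.dport)):
            continue
        return action, line.strip()
    return "deny", "implicit deny"


# The posted entries that matter for a UDP DNS reply to the 192.168.14.0/23 clients.
POSTED_ACL = """
permit udp 192.168.10.5 0.0.0.255 0.0.0.0 255.255.255.255 eq 53
deny ip 192.168.10.0 0.0.0.255 192.168.14.0 0.0.1.255
permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
"""

# Assumed fix: match the server's SOURCE port 53 instead of the destination port.
CORRECTED_ACL = """
permit udp 192.168.10.0 0.0.0.255 eq 53 0.0.0.0 255.255.255.255
deny ip 192.168.10.0 0.0.0.255 192.168.14.0 0.0.1.255
permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
"""

# Constructed DNS answer: server replies from port 53 to the client's ephemeral port.
DNS_REPLY = Packet("udp", "192.168.10.5", 53, "192.168.14.5", 51234)

if __name__ == "__main__":
    print("posted   :", evaluate(POSTED_ACL, DNS_REPLY))
    print("corrected:", evaluate(CORRECTED_ACL, DNS_REPLY))
```

With the posted entries the reply hits the `deny ip ... 192.168.14.0 0.0.1.255` line; with `eq 53` moved to the source-port position it is permitted by the first entry, and the deny rules keep limiting everything else the server range sends to the client subnets. For the TCP entries the same source-port form works, or IOS's `established` keyword can be used for return traffic. Note also that `192.168.10.5 0.0.0.255` and `192.168.10.16 0.0.0.255` describe the same /24, so the second block of entries duplicates the first.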
