Hey,
I'm learning how to configure ACLs. On my VLAN 60 the default action is deny any. I'm trying to allow internet access from VLAN 60 but am having some difficulties.
I have it set up, but whenever I enable the ACL, any device on the VLAN is unable to access the internet.
ip access-list extended VLAN60_OUT
 permit tcp 10.240.60.0 0.0.0.255 any any 80 ace-priority 11
 permit tcp 10.240.60.0 0.0.0.255 any any 443 ace-priority 11
 deny ip 10.240.60.0 0.0.0.255 10.240.1.0 0.0.0.255 ace-priority 90
 deny ip 10.240.1.0 0.0.0.255 10.240.60.0 0.0.0.255 ace-priority 100
Not sure what I'm doing wrong?
80/443 are set on the destination port and source port is set to any.
The SG300 is connected to our ASA 5512, which doesn't have anything being blocked from the inside to outside. It has an IKEv2 site-to-site VPN connection to our datacenter, which hosts our AD/DNS server.
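
The rule set above, run through a small first-match evaluator, as an added example that is not part of the original post. It assumes the ACL is checked against traffic sent by VLAN 60 hosts, that ACEs are tried in the listed order, and that unmatched traffic hits the deny any default the post mentions; the host, web server and DNS server addresses are constructed placeholders.

```python
import ipaddress
from typing import NamedTuple, Optional

class Ace(NamedTuple):
    action: str
    proto: str             # "tcp", "udp", "icmp", or "ip" for any protocol
    src: str
    src_wc: str
    dst: str
    dst_wc: str
    dport: Optional[int]   # None means any destination port

ANY = ("0.0.0.0", "255.255.255.255")
V60 = ("10.240.60.0", "0.0.0.255")
V1 = ("10.240.1.0", "0.0.0.255")

# The four ACEs from the post, kept in the order they are listed there.
VLAN60_OUT = [
    Ace("permit", "tcp", *V60, *ANY, 80),
    Ace("permit", "tcp", *V60, *ANY, 443),
    Ace("deny", "ip", *V60, *V1, None),
    Ace("deny", "ip", *V1, *V60, None),
]

def wc_match(ip, base, wildcard):
    """Wildcard-mask match: bits set in the wildcard are ignored."""
    i, b, w = (int(ipaddress.IPv4Address(x)) for x in (ip, base, wildcard))
    return ((i ^ b) & ~w & 0xFFFFFFFF) == 0

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, index of matching ACE); (deny, None) is the default deny."""
    for n, ace in enumerate(acl):
        if ace.proto not in ("ip", proto):
            continue
        if ace.dport is not None and ace.dport != dport:
            continue
        if wc_match(src, ace.src, ace.src_wc) and wc_match(dst, ace.dst, ace.dst_wc):
            return ace.action, n
    return "deny", None

if __name__ == "__main__":
    host = "10.240.60.25"                        # constructed VLAN 60 client
    flows = [("tcp", "203.0.113.10", 443),       # constructed web server
             ("udp", "192.0.2.53", 53),          # placeholder for the DNS server
             ("tcp", "10.240.1.10", 443),        # constructed host in 10.240.1.0/24
             ("icmp", "10.240.1.10", None)]
    for proto, dst, dport in flows:
        print(proto, dst, dport, "->", evaluate(VLAN60_OUT, proto, host, dst, dport))
```

In this model the UDP 53 lookup matches no ACE and falls to the default deny, while TCP 443 to 10.240.1.0/24 is permitted by the second ACE before the deny at priority 90 is reached.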