Based on the config below, LAN clients on 192.168.100.0/24 are able to connect to the FTP server ***.**.65.118 (on the Ethernet0 subnet).
Why isn't the first "deny ip 192.168.100.0 0.0.0.255 any" being matched when the hosts initiate FTP sessions?
1700 Series Router running 12.4.
interface FastEthernet0
ip address 192.168.100.1 255.255.255.0
ip access-group 101 in
speed auto
end
interface Ethernet0
ip address ***.**.65.117 255.255.255.252
ip access-group 100 in
half-duplex
end
Extended IP access list 100
10 deny ip 192.168.100.0 0.0.0.255 any
20 permit tcp any any established (581 matches)
Extended IP access list 101
10 deny ip ***.37.65.116 0.0.0.3 any
20 permit ip any any (37235 matches)
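The following is an added example, not part of the original post: a first-match walk of ACLs 100 and 101 as posted, run against the packets each inbound ACL actually sees during an FTP control connection. The post masks its public /30, so 203.0.113.116/30 and the host addresses are constructed stand-ins; every entry in the posted ACLs has destination `any`, so only the source address is modelled.

```python
import ipaddress

# Constructed stand-ins: the post masks its public /30, so 203.0.113.116/30
# (documentation range) is assumed here; .118 plays the FTP server.
ACLS = {
    100: [(10, "deny", "ip", "192.168.100.0/24", False),
          (20, "permit", "tcp", "0.0.0.0/0", True)],   # True = "established"
    101: [(10, "deny", "ip", "203.0.113.116/30", False),
          (20, "permit", "ip", "0.0.0.0/0", False)],
}
INBOUND = {"FastEthernet0": 101, "Ethernet0": 100}     # ip access-group N in

def evaluate(acl, proto, src, flags=frozenset()):
    """First-match walk of one ACL; returns (sequence number, action)."""
    for seq, action, acl_proto, src_net, established in ACLS[acl]:
        if acl_proto not in ("ip", proto):
            continue
        if ipaddress.ip_address(src) not in ipaddress.ip_network(src_net):
            continue
        # "established" matches only TCP segments with ACK or RST set
        if established and not (flags & {"ACK", "RST"}):
            continue
        return seq, action
    return None, "deny"  # implicit deny at the end of every ACL

def arrives_on(interface, proto, src, flags=frozenset()):
    """An inbound ACL only sees packets that arrive on its own interface."""
    return evaluate(INBOUND[interface], proto, src, flags)

CLIENT, SERVER = "192.168.100.50", "203.0.113.118"     # constructed hosts

def trace():
    syn, synack = frozenset({"SYN"}), frozenset({"SYN", "ACK"})
    return {
        "client SYN": arrives_on("FastEthernet0", "tcp", CLIENT, syn),
        "server SYN/ACK": arrives_on("Ethernet0", "tcp", SERVER, synack),
        "server-initiated SYN": arrives_on("Ethernet0", "tcp", SERVER, syn),
        "LAN source on Ethernet0": arrives_on("Ethernet0", "tcp", CLIENT, syn),
    }

if __name__ == "__main__":
    for name, (seq, action) in trace().items():
        print(f"{name:26} -> line {seq}: {action}")
```

Line 10 of ACL 100 is only reached by a packet that arrives on Ethernet0 carrying a 192.168.100.0/24 source, which the clients' own traffic never does because it enters on FastEthernet0.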
