Thanks, would you help me to create the ACL? I am looking for a program to do the ACL simulation. I know the Cisco ACL Editor And Simulation. Do you know where to download the full version?
Regards,
Can someone help me to create this in Packet Tracer Ver. 4.11 files and document?
1) Containing basic network (without ACLs) files.
2) Containing the network with ACLs applied files.
3) Document in working with an explanation for the subnet plan and the access control lists.
Network devices should be fully configured with a naming convention used to identify all devices in your network.
Please refer to the attached file for more detail.
This Question has been solved and asker verified.
Packet Tracer should be able to handle the ACLs just fine. Of course, the best free "simulator" around is GNS3 (www.gns3.net) if you're able to get your hands on a real IOS image. As for ACL Editor, it can be purchased here http://www.garethevans.inf
What have you done so far?
Thanks. Here it is.
Packet Tracer 4.1 program download.
ftp://satotech.serveftp.co
Packet Tracer File
ftp://satotech.serveftp.co
I am sorry the forum won't allow me to upload. I put a link for you to download from my FTP server.
Many thanks.
I'll leave the rest and what interfaces to add the ACLs to in your capable hands.
WAN
--
ip access-list extended LAN->HTTP
permit tcp 141.70.0.0 0.0.255.255 any eq www
ip access-list extended SERVERS
permit ip 141.70.64.0 0.0.0.63 141.70.5.0 0.0.0.3
permit ip 141.70.48.0 0.0.0.255 141.70.5.0 0.0.0.3
permit ip 141.70.112.0 0.0.3.255 141.70.5.0 0.0.0.3
permit tcp 141.70.0.0 0.0.255.255 host 141.70.5.1 eq www
permit tcp 141.70.0.0 0.0.255.255 host 141.70.5.2 eq smtp
ip access-list extended WAN->Servers
permit tcp any 141.70.5.0 0.0.0.3
--
IT MNT
ip access-list standard IT->Management
permit 141.70.48.0 0.0.0.255
Thanks for your help. I just tried again to set up the router to connect IT and Management as below:
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list
Router(config)#exit
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface GigabitEthernet0/0
Router(config-if)#
Router(config-if)#exit
Router(config)#interface GigabitEthernet0/0
Router(config-if)#ip access-group 1 in
Router(config-if)#exit
Router(config)#
Router(config)#interface GigabitEthernet1/0
Router(config-if)#ip access-group 1 out
Router(config-if)#exit
Router(config)#
And I tried to ping from the IT host to the Management host and it still gives the result below:
Packet Tracer PC Command Line 1.0
PC>ping 141.79.64.1
Pinging 141.79.64.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 141.79.64.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
I don't know what I did wrong and why it keeps giving no reply. I have been trying for a few days and can't make it work; today is my due date and I am still trying to work it out. Can you tell me why it doesn't work? Can you help me to configure some of the routers in the pkt file so I can try to understand from there?
Thanks.
Here is the config I get from the router.
Router#show running-config
Building configuration...
Current configuration : 626 bytes
!
version 12.2
no service password-encryption
!
hostname Router
!
!
!
!
interface GigabitEthernet0/0
ip address 141.70.63.254 255.255.240.0
ip access-group 1 in
duplex auto
speed auto
!
interface GigabitEthernet1/0
ip address 141.70.79.254 255.255.240.0
ip access-group 1 out
duplex auto
speed auto
!
interface Serial2/0
ip address 141.70.10.6 255.255.240.0
!
interface Serial3/0
no ip address
shutdown
!
interface FastEthernet4/0
no ip address
shutdown
!
interface FastEthernet5/0
no ip address
shutdown
!
ip classless
!
access-list 1 permit 141.70.48.0 0.0.0.250
!
!
!
line con 0
line vty 0 4
login
!
!
end
I am panicking now. All the interfaces and IPs are correct, so why is it still not getting through? Below is the IP I reconfigured. Even when I try both ways, in and out, there is still no response from ping.
Router#show running-config
Building configuration...
Current configuration : 671 bytes
!
version 12.2
no service password-encryption
!
hostname Router
!
!
!
!
interface GigabitEthernet0/0
ip address 141.70.48.254 255.255.240.0
ip access-group 1 in
ip access-group 1 out
duplex auto
speed auto
!
interface GigabitEthernet1/0
ip address 141.70.64.254 255.255.240.0
ip access-group 1 in
ip access-group 1 out
duplex auto
speed auto
!
interface Serial2/0
ip address 141.70.10.6 255.255.240.0
!
interface Serial3/0
no ip address
shutdown
!
interface FastEthernet4/0
no ip address
shutdown
!
interface FastEthernet5/0
no ip address
shutdown
!
ip classless
!
access-list 1 permit 141.70.48.0 0.0.0.250
!
!
!
line con 0
line vty 0 4
login
!
!
end
Router#show running-config
Building configuration...
Current configuration : 626 bytes
!
version 12.2
no service password-encryption
!
hostname Router
!
!
!
!
interface GigabitEthernet0/0
ip address 141.70.48.254 255.255.240.0
ip access-group 1 in
duplex auto
speed auto
!
interface GigabitEthernet1/0
ip address 141.70.64.254 255.255.240.0
ip access-group 1 out
duplex auto
speed auto
!
interface Serial2/0
ip address 141.70.10.6 255.255.240.0
!
interface Serial3/0
no ip address
shutdown
!
interface FastEthernet4/0
no ip address
shutdown
!
interface FastEthernet5/0
no ip address
shutdown
!
ip classless
!
access-list 1 permit 141.70.48.0 0.0.0.250
!
!
!
line con 0
line vty 0 4
login
!
!
end
Still the same result
PC>ping 141.70.64.1
Pinging 141.70.64.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 141.70.64.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
I feel like I missed some part of the setup in the router. Routing setup?? Static & RIP?? Can you help to make this router work in my Packet Tracer file and give it to me? I have almost given up now.
Sorry, no. I am still working on it. I can't make the ACL function. If I apply the gateway, it allows ping both ways between Management and IT. Then I implemented the ACL that you gave me at "interface GigabitEthernet1/0" as outbound. It made no difference. When I tried to insert an access-list deny from Management to IT at "interface GigabitEthernet0/0", it blocked the ping both ways in the LAN. I tried until 4am in the morning and gave up. It is making me go crazy.
Please tell me if there is any problem with physical connectivity, router settings, RIP/static and so on.
Some of the problems I found with your network:
No connectivity. All serial links were up/down because no clock rate was configured on the DCE, done with clock rate 64000.
Incorrect IP addressing was used: everything used a mask of 255.255.240.0 when you were asked to use variable subnetting for each segment.
RIP was also incorrectly configured. Version 2 should have been used because of the variable subnet requirements. Also, split horizon needed to be disabled on all the WAN router's serial interfaces, since RIP by default will not send updates out to the spoke routers otherwise.
Lastly, your ACL placement was incorrect. You tend to use both in/out directions on the same interface; careful planning is needed to know what kind of effect this would cause.
If I have time tonight I'll fix up the pkt file so you can see how it looks.
I also have a couple of recommendations for when you post another question on the site, to improve your success.
If you need assistance with another assignment, please clearly state in the question that it is homework and what exactly you need a hand with, as well as what you have tried, rather than just posting the question requirements. Experts will be more likely to assist you if you make it clear that you're trying to understand a problem rather than get some experts to do your homework. Also if the deadline is add the date to the question and possibly raise the point value of the question so we can better gauge the urgency.
Lastly, you have rated yourself a guru on the subject, but have said you don't have much experience with Cisco. This can mislead the experts and affect the level of help you receive, since to us it looks like you have a firm understanding of the topic and require minimal explanation to get you going.
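Added example (not part of the original thread and not the experts' own code): a small Python model of how a standard ACL evaluates a packet's source address, applied to access-list 1 from the posted running-configs and to the entry suggested earlier in the thread. The host addresses 141.70.48.1 and 141.70.64.1 are constructed, and working routing between the two LANs is assumed.

```python
import ipaddress

def ip_int(s):
    return int(ipaddress.IPv4Address(s))

def wildcard_match(addr, base, wildcard):
    # Cisco wildcard mask: a 1 bit means "don't care", a 0 bit must match.
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(addr) & care) == (ip_int(base) & care)

def standard_acl(entries, src):
    # A standard ACL tests only the source address; the first matching
    # entry wins and an implicit "deny any" ends every list.
    for action, base, wildcard in entries:
        if wildcard_match(src, base, wildcard):
            return action
    return "deny"

def ping_path(acl, hops):
    # hops: (description, packet source address, ACL applied at this point).
    # Returns the first point that drops the packet, or None if it passes.
    for desc, src, filtered in hops:
        if filtered and standard_acl(acl, src) == "deny":
            return desc
    return None

# access-list 1 exactly as it appears in the posted running-configs
ACL_AS_CONFIGURED = [("permit", "141.70.48.0", "0.0.0.250")]
# the IT->Management entry suggested earlier in the thread
ACL_AS_SUGGESTED = [("permit", "141.70.48.0", "0.0.0.255")]

# Constructed host addresses (assumption): one IT host, one Management host.
IT_HOST, MGMT_HOST = "141.70.48.1", "141.70.64.1"

def hops(reply_filtered):
    # Echo request carries the IT source; echo reply carries the Management source.
    return [
        ("echo request, Gi0/0 in", IT_HOST, True),
        ("echo request, Gi1/0 out", IT_HOST, True),
        ("echo reply, Gi1/0 in", MGMT_HOST, reply_filtered),
        ("echo reply, Gi0/0 out", MGMT_HOST, reply_filtered),
    ]

ONE_DIRECTION = hops(False)    # ACL 1 on Gi0/0 in and Gi1/0 out only
BOTH_DIRECTIONS = hops(True)   # ACL 1 in and out on both interfaces

if __name__ == "__main__":
    for name, acl in (("configured", ACL_AS_CONFIGURED), ("suggested", ACL_AS_SUGGESTED)):
        for label, path in (("one direction", ONE_DIRECTION), ("both directions", BOTH_DIRECTIONS)):
            print(name, "|", label, "| dropped at:", ping_path(acl, path))
```

With wildcard 0.0.0.250 only addresses whose last octet has bits 0 and 2 clear match the permit; with 0.0.0.255 the request passes, but applying the same list in both directions drops the reply because its source is the Management host.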
by: donmanrobb Posted on 2008-03-30 at 03:48:09 ID: 21240215
If you post your Packet Tracer file, I'll look it over and give you some feedback as to whether you're working in the right direction and/or answer some questions to help get you started.