CORRECT TEXT
A corporation wants to add security to its network. The requirements are:
– Host B should be able to use a web browser (HTTP) to access the Finance Web Server.
– Other types of access from host B to the Finance Web Server should be blocked.
– All access from hosts m the Core or local LAN to the finance Web Server should be blocked.
– AM hosts in the Core and on local LAN should be able to access the Public Web Server.
You have been tasked to create and apply a numbered access list to n single outbound interface
—-
can contain no more than three statements that meets these requirements.
Access to the router CLI can be gained by clicking on the appropriate host.
A corporation wants to add security to its network. The requirements are:
– Host B should be able to use a web browser (HTTP) to access the Finance Web Server.
– Other types of access from host B to the Finance Web Server should be blocked.
– All access from hosts in the Core or local LAN to the Finance Web Server should be blocked.
– All hosts in the Core and on local LAN should be able to access the Public Web Server.
You have been tasked to create and apply a numbered access list to n single outbound interface.
This access list can contain no more than three statements that meets these requirements.
Access to the router CLI can be gained by clicking on the appropriate host.
All passwords have been temporarily set to “cisco”
The Core connection uses an IP address of 198.18.222.65
The computers in the Hosts LAN have been assigned addresses of 192.168.86 1-
192.168.86.254.
host A 192.168.86.1
host B 192.168.86.2
host C 192.168.86.3
host D 192.168.86.4
The Finance Web Server has been assigned an address of 172.22.63.17
The Public Web Server in the Server LAN has been assigned an address of 172.22.63.18
Answer: See the explanation
Explanation:
Here are the step by Step Solution for this:Corp1#configure terminal
Our access-list needs to allow host B – 192.168.86.3 to the Finance Web Server 172.22.63.17 via
web (port 80)
Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.63.17 eq 80
All hosts in the Core and on local LAN should be able to access the Public Web Server
Corp1(config)#access-list 100 permit ip any host 172.22.63.18
All other traffic is denied
Corp1(config)#access-list 100 deny ip any any
Apply this access-list to LAN interface (need to figure out the interface to apply it to based on the
topology diagram)
Corp1(config)#interface fa0/0
Corp1(config-if)#ip access-group 100 out