04-06-2011, 05:41 AM
(04-01-2011, 02:18 AM)Djmillymil link Wrote:Yea I'm getting the same thing.
Correct me if I'm wrong but extended ACLs should be placed closest to the source, so it should be applied in Fa0/1 going out.
There is even something in the answer that leads me to think that this SIM is a little messed up...on Step 3.
It is a general rule but not always true. In this case if you apply it to the Fa0/1 going out, how can it filter traffic coming from the Core network (S0/1) and leaving towards Servers LAN (F0/0). The out direction even cannot filter the traffic originating from other PCs in the Hosts LAN destined for Stock Web Server. Even the "in" direction on F0/1 is not fulfilling the requirement of checking the traffic from the Core network to the Stock Web Server.
Please read your books for clear understanding of ACL directions and their effects.