
MS 120 Slow to accept and also run the ACL

Getting noticed

 

 

1- I made an ACL on the MS 120, but it takes a long time to change the ACL.

It is about 20 min.

 

 

 

It is not just that problem; packet processing is slow also, so I can't make a handshake with my SQL Server authentication. The SQL authentication fails when the ACL is running.

 

 
MS120 ACL-2.PNG

kav noroozi
9 REPLIES
Kind of a big deal

Re: MS 120 Slow to accept and also run the ACL

The return traffic ACLs, like rule 2, are wrong.

 

The source and destination should be swapped.

Getting noticed

Re: MS 120 Slow to accept and also run the ACL

Thank you Philip.

I just changed the ACL, as you can see.

172.18.0.0/24 is the subnet which I won't have full port access to my server farm 172.16.0.0/24.

The 18 subnet needs access to subnet 16 for HTTPS (443), RDP (3389), DNS (53), and SQL (1433).

When I applied that ACL, Meraki for this port and that destination became so slow.

kav noroozi
Kind of a big deal

Re: MS 120 Slow to accept and also run the ACL

What is the IP address of your server and what is the IP address of your client trying to access the server?

Getting noticed

Re: MS 120 Slow to accept and also run the ACL

172.18.0.0/24 is my clients' subnet, which needs to connect to some servers in 172.16.0.0/24.

MS120 ACL 3.PNG

kav noroozi
Kind of a big deal

Re: MS 120 Slow to accept and also run the ACL

You don't have any rules to allow the return traffic.

 

You need a rule to allow traffic from 172.18.0.0/24 to 172.16.0.0/24 with a destination port of tcp/443 AND a rule to allow the return traffic (source 172.16.0.0/24, source port 443 to destination 172.18.0.0/24).

 

Ditto for the other rules.
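
An added example, not part of the original thread: a small Python model of stateless, first-match ACL evaluation that shows what happens to the SQL handshake with and without return rules. The two deny rules between the subnets, the host addresses and the ephemeral port are assumptions made for illustration; the ACL in the screenshots is not visible here.

```python
from ipaddress import ip_address, ip_network

ANY = None  # wildcard for protocol, network or port

def rule(action, proto, src, sport, dst, dport):
    """Build one rule; src and dst are CIDR strings or ANY."""
    return (action, proto,
            ip_network(src) if src else ANY, sport,
            ip_network(dst) if dst else ANY, dport)

def evaluate(acl, proto, src, sport, dst, dport):
    """Stateless first match: each packet is judged alone, top to bottom."""
    for action, r_proto, r_src, r_sport, r_dst, r_dport in acl:
        if ((r_proto is ANY or r_proto == proto)
                and (r_src is ANY or ip_address(src) in r_src)
                and (r_sport is ANY or r_sport == sport)
                and (r_dst is ANY or ip_address(dst) in r_dst)
                and (r_dport is ANY or r_dport == dport)):
            return action
    return "allow"  # modelled default when nothing matches (assumption)

CLIENTS, SERVERS = "172.18.0.0/24", "172.16.0.0/24"
# Ports named in the thread; the protocol for DNS is not stated there, so ANY
PORTS = [("tcp", 443), ("tcp", 3389), (ANY, 53), ("tcp", 1433)]

def build_acl(with_return_rules):
    acl = []
    for proto, port in PORTS:
        acl.append(rule("allow", proto, CLIENTS, ANY, SERVERS, port))
        if with_return_rules:
            # Reply packets: server is the source, service port is the SOURCE port
            acl.append(rule("allow", proto, SERVERS, port, CLIENTS, ANY))
    # Assumption: all other traffic between the subnets is denied both ways
    acl.append(rule("deny", ANY, CLIENTS, ANY, SERVERS, ANY))
    acl.append(rule("deny", ANY, SERVERS, ANY, CLIENTS, ANY))
    acl.append(rule("allow", ANY, ANY, ANY, ANY, ANY))  # final allow any
    return acl

def sql_handshake(acl, client="172.18.0.25", server="172.16.0.10", eph=50123):
    """Verdicts for the client's SYN and the server's SYN-ACK (constructed hosts)."""
    syn = evaluate(acl, "tcp", client, eph, server, 1433)
    syn_ack = evaluate(acl, "tcp", server, 1433, client, eph)
    return syn, syn_ack

if __name__ == "__main__":
    print("no return rules:  ", sql_handshake(build_acl(False)))
    print("with return rules:", sql_handshake(build_acl(True)))
```

Because the list is stateless, each return rule matches on source port alone, so it also admits any packet from that server port to any client port.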

Getting noticed

Re: MS 120 Slow to accept and also run the ACL

I think for return it should be OK, because at the end of the ACL I have Allow any any any any any, isn't it?

kav noroozi
Getting noticed

Re: MS 120 Slow to accept and also run the ACL

So you mean something like this?

MS120 ACL-4.PNG

kav noroozi
Getting noticed

Re: MS 120 Slow to accept and also run the ACL

Hi Philip, did you see my msg?

kav noroozi
Kind of a big deal

Re: MS 120 Slow to accept and also run the ACL

Yes that looks much better to me now.
