PrepAway - Latest Free Exam Questions & Answers


The task is to create and apply an access-list with no more than three statements that will allow ONLY Host C web access to the Finance Web Server.


Answer: See the explanation

Explanation:
Corp1>enable
Corp1#configure terminal
Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
Corp1(config)#access-list 100 deny tcp 192.168.33.0 0.0.0.255 host 172.22.242.23 eq 80
Corp1(config)#access-list 100 permit ip any any
Corp1(config)#interface fa 0/1
Corp1(config-if)#ip access-group 100 out
Corp1(config-if)#end
Corp1#copy running-config startup-config

Select the console on the Corp1 router.

Configuring the ACL:
Corp1>enable
Corp1#configure terminal
comment: To permit only Host C (192.168.33.3) {source addr} to access the finance server address (172.22.242.23) {destination addr} on port number 80 (web):
Corp1(config)#access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80
comment: To deny any source access to the finance server address (172.22.242.23) {destination addr} on port number 80 (web):
Corp1(config)#access-list 100 deny tcp any host 172.22.242.23 eq 80
comment: To permit the IP protocol from any source to any destination, because of the implicit deny any any statement at the end of the ACL:
Corp1(config)#access-list 100 permit ip any any

Applying the ACL on the interface:
comment: Check the show ip interface brief command to identify the interface type and number by checking the IP address configured.
Corp1(config)#interface fa 0/1
If the IP address and subnet mask already configured are incorrect, they must be corrected in order for the ACL to work. Type these commands in interface mode:
no ip address 192.x.x.x 255.x.x.x (removes the incorrectly configured IP address and subnet mask)
Configure the correct IP address and subnet mask:
ip address 172.22.242.30 255.255.255.240 (the range of addresses specified going to the server is given as 172.22.242.17-172.22.242.30)
comment: Place the ACL to check packets going out of the interface towards the finance web server.
Corp1(config-if)#ip access-group 100 out
Corp1(config-if)#end

Important: Save your running config to startup before exiting.
Corp1#copy running-config startup-config

Verifying the configuration:
Step 1: The show ip interface brief command identifies the interface on which to apply the access list.
Step 2: Click on each of hosts A, B, C and D. Each host opens a web browser page. Select the address box of the web browser and type the IP address of the finance web server (172.22.242.23) to test whether access to the finance web server is permitted or denied.
Step 3: Only Host C (192.168.33.3) has access to the server. If the other hosts can also access it, something may have gone wrong in your configuration; check whether you configured the statements correctly and in order.
Step 4: If only Host C (192.168.33.3) can access the Finance Web Server, you can click on the NEXT button to successfully submit the ACL SIM.
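
An added example, not part of the original answer: a small first-match evaluator for the three statements above, showing why Step 3 insists on statement order and what the implicit deny does. The function names and the address 192.168.33.4 used for "another host" are assumptions made for illustration; the parser covers only the statement forms that appear on this page.

```python
import ipaddress

def ip_int(a):
    return int(ipaddress.IPv4Address(a))

def parse_addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD' from tok; return (addr, wildcard)."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return ip_int(tok.pop(0)), 0
    return ip_int(first), ip_int(tok.pop(0))

def parse_ace(line):
    """Parse 'access-list N ACTION PROTO SRC DST [eq PORT]' (the forms used on this page)."""
    tok = line.split()
    action, proto, rest = tok[2], tok[3], tok[4:]
    src, dst = parse_addr(rest), parse_addr(rest)
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return action, proto, src, dst, port

def addr_match(ip, spec):
    addr, wild = spec  # wildcard bits set to 1 are "don't care"
    return (ip_int(ip) | wild) == (addr | wild)

def evaluate(acl, proto, src, dst, dport):
    """Return the action of the first matching statement, read top to bottom."""
    for line in acl:
        action, p, s, d, port = parse_ace(line)
        if p not in ("ip", proto) or (port is not None and port != dport):
            continue
        if addr_match(src, s) and addr_match(dst, d):
            return action
    return "deny"  # implicit deny any any at the end of every ACL

SERVER, HOST_C = "172.22.242.23", "192.168.33.3"  # addresses from the page
OTHER = "192.168.33.4"  # constructed address standing in for another host
ACL = [
    "access-list 100 permit tcp host 192.168.33.3 host 172.22.242.23 eq 80",
    "access-list 100 deny tcp any host 172.22.242.23 eq 80",
    "access-list 100 permit ip any any",
]
SWAPPED = [ACL[1], ACL[0], ACL[2]]  # same statements with the deny entered first
def web(acl, src):
    return evaluate(acl, "tcp", src, SERVER, 80)

if __name__ == "__main__":
    print({n: (web(a, HOST_C), web(a, OTHER)) for n, a in (("ACL", ACL), ("SWAPPED", SWAPPED))})
```

With the statements in the order given, Host C is permitted and the other host is denied; with the deny entered first, Host C is denied as well because evaluation stops at the first match.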

