Some tips when troubleshooting ACLs:
- Ensure the correct IP addresses and wildcard masks are entered into the ACL
- Ensure an access-group is applied to an interface
- If no traffic is permitted, all traffic will be denied: every ACL ends with an implicit deny.
- Access lists are read top to bottom, and reading stops at the first match. So a deny placed earlier may block traffic that a later permit statement was meant to allow. The order of ACL entries is important.
- Remarks can be added to an ACL to make it easier to read in future, using the command: access-list <number> remark "This ACL blocks FTP"
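
The tips on wildcard masks, first-match ordering and the implicit deny can be checked offline with a small model. The following Python is an added example, not part of the original page and not Cisco code: it is a simplified evaluator for standard numbered ACLs, and the function names and the ACL 10 sample are constructed for illustration.

```python
import ipaddress

FULL = 0xFFFFFFFF
def ip(s):
    return int(ipaddress.IPv4Address(s))

def parse(config):
    """Parse standard numbered ACL lines into (action, addr, wildcard, text)."""
    entries = []
    for line in config.strip().splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] == "remark":
            continue  # remarks document the ACL; they never match traffic
        action, src = tok[2], tok[3:]
        if src[0] == "any":
            addr, wild = 0, FULL
        elif src[0] == "host":
            addr, wild = ip(src[1]), 0
        else:
            addr, wild = ip(src[0]), ip(src[1]) if len(src) > 1 else 0
        entries.append((action, addr, wild, line.strip()))
    return entries

def evaluate(entries, source):
    """Top to bottom, first match wins; no match hits the implicit deny."""
    for action, addr, wild, text in entries:
        care = ~wild & FULL  # wildcard 0-bits must match, 1-bits are ignored
        if (ip(source) & care) == (addr & care):
            return action, text
    return "deny", "(implicit deny)"

def shadowed(entries):
    """Return (entry, earlier entry) pairs where the entry can never match."""
    out = []
    for i, (_, addr, wild, text) in enumerate(entries):
        for _, a2, w2, t2 in entries[:i]:
            care2 = ~w2 & FULL
            # Covered if the earlier entry ignores every bit this one ignores
            # and both agree on the bits the earlier entry cares about.
            if (wild & ~w2 & FULL) == 0 and (addr & care2) == (a2 & care2):
                out.append((text, t2))
                break
    return out

# Constructed sample: the host permit sits below the subnet deny.
BAD = """access-list 10 remark Block user subnet, allow one admin host
access-list 10 deny 192.168.1.0 0.0.0.255
access-list 10 permit host 192.168.1.5
access-list 10 permit 10.0.0.0 0.255.255.255"""
GOOD = "\n".join(BAD.splitlines()[i] for i in (0, 2, 1, 3))  # permit host first
```

Calling `shadowed(parse(BAD))` reports the host permit as unreachable behind the subnet deny, while `evaluate(parse(GOOD), "172.16.0.1")` shows unmatched traffic falling through to the implicit deny.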