[Solved] You created a Network ACL with these rules:Rule 100: Allow inbound TCP port 22 from 10.0.0.0/16Rule 110: Deny all inbound trafficBut SSH connections from 10.0.1.5 are failing.... | AWS

AWS - Security Groups and Network ACLs

You created a Network ACL with these rules:
Rule 100: Allow inbound TCP port 22 from 10.0.0.0/16
Rule 110: Deny all inbound traffic
But SSH connections from 10.0.1.5 are failing. What is the likely problem?

AThe Network ACL is stateless and missing an outbound allow rule for port 22

BThe security group attached to the instance denies SSH

CThe subnet does not have a route to the internet

DThe IP 10.0.1.5 is outside the allowed range

Step-by-Step Solution

Solution:

Step 1: Recall Network ACL stateless behavior
Network ACLs are stateless, so return traffic must be explicitly allowed by outbound rules.
Step 2: Analyze rules and failure cause
Inbound SSH is allowed, but if outbound port 22 is denied, the response cannot return, causing failure.
Final Answer:
The Network ACL is stateless and missing an outbound allow rule for port 22 -> Option A
Quick Check:
Stateless ACLs need inbound and outbound rules [OK]

Quick Trick: Stateless ACLs need both inbound and outbound rules [OK]

Common Mistakes:

MISTAKES

Assuming ACLs are stateful like security groups
Ignoring outbound rules for return traffic
Mistaking IP range or subnet routing as cause

Master "Security Groups and Network ACLs" in AWS

9 interactive learning modes - each teaches the same concept differently

Learn Why Deep Visual Try Challenge Project Recall Time

More AWS Quizzes

You created a Network ACL with these rules:

Step 1: Recall Network ACL stateless behavior

Step 2: Analyze rules and failure cause

Final Answer:

Quick Check:

Want More Practice?