We've got a problem that we think is due to the access list.
On the (in) interface we have an access-list like:
permit tcp any x.x.x.0 0.0.0.255 established
permit icmp any any
permit tcp any any eq domain
permit udp any any eq domain
deny ip any any
And no access list on the (out) interface.
Both sides were originally more stringent, but we've
loosed up to try and see if we can get things to work.
Problem is that when we enable the (in) list, we
are not able obtain web pages using host names
from inside the network going out
doesn't work but
When the (in) list is disabled we don't have any problems,
but neither do those people with too much time on their