Solved

Access-list not working properly??

Posted on 2004-08-04
Last Modified: 2010-04-17
Hi,

I have created the following access-list;

access-list 110 permit tcp any host x.x.x.10 eq www
access-list 110 permit tcp any host x.x.x.10 eq 443
access-list 110 permit tcp any host x.x.x.10 eq 22
access-list 110 permit tcp any host x.x.x.12 eq smtp
access-list 110 permit tcp any host x.x.x.12 eq pop3
access-list 110 permit tcp any host x.x.x.12 eq 22
access-list 110 permit icmp any any unreachable
access-list 110 permit icmp any any echo
access-list 110 permit icmp any any echo-reply
access-list 110 permit icmp any any time-exceeded

access-list 115 permit ip any any

Then I applied them to my serial interface which is connected to my ISP

int s0
ip access-group 110 in
ip access-group 115 out

Problem:

The problem is incoming works fine, and I can ssh in from external to x.x.x.10 and 12. And I can receive email. But for outgoing traffic I cannot ssh out, I cannot surf the net or ping, and I cannot send emails. I'm using a Cisco 1700 with IOS Version 12.1(2). Both machines (10 and 12) are using public IPs.

Can anyone help me? Thanks

Question by:smw42
7 Comments
 
LVL 36

Accepted Solution

by:
grblades earned 600 total points
ID: 11724794
Add the following to the beginning of the access list
access-list 110 permit tcp any any established

Currently you are not permitting the reply packets to come back into the serial interface.
 
LVL 79

Expert Comment

by:lrmoore
ID: 11725183
You also need to permit DNS replies back in.
Add this line also:

access-list 110 permit udp any eq domain any

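To make the two answers above concrete, here is an added example (not code from the thread, from Cisco, or from any of the posters) that simulates how IOS evaluates the inbound list on s0: first matching entry wins, and anything that reaches the end hits the implicit deny. It parses the exact lines quoted in the question, then the same list with grblades' `established` line and lrmoore's `domain` line placed at the front, and evaluates a handful of constructed packets. The server addresses are kept as the poster's x.x.x.10 / x.x.x.12 placeholders; the remote addresses (192.0.2.x, 203.0.113.x) are documentation ranges chosen for the example, and the port numbers are made up.

```python
"""Simulate first-match evaluation of the Cisco extended ACL from the question.

Added example, not code from the thread or from Cisco. It models only the
syntax the thread uses ('any'/'host' addresses, 'eq' ports, 'established',
ICMP type names) plus the implicit 'deny ip any any' at the end of an IOS ACL.
"""
from dataclasses import dataclass

# IOS port keywords used in the thread (a subset of what IOS accepts).
PORT_NAMES = {"www": 80, "smtp": 25, "pop3": 110, "domain": 53, "ssh": 22}
# ICMP type keywords used in the thread, mapped to their ICMP type numbers.
ICMP_TYPES = {"echo-reply": 0, "unreachable": 3, "echo": 8, "time-exceeded": 11}


@dataclass
class Packet:
    """One packet as seen by the inbound ACL on s0 (all fields constructed)."""
    proto: str            # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    ack: bool = False     # TCP ACK or RST bit set: the only thing 'established' checks
    icmp_type: int = -1


def _port(tok):
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)


def parse_ace(line):
    """Parse one 'access-list N permit|deny ...' line into its match fields."""
    t = line.split()
    if len(t) < 6 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError("unsupported ACE: " + line)
    ace = {"action": t[2], "proto": t[3], "src": None, "dst": None,
           "sport": None, "dport": None, "established": False, "icmp_type": None}
    i = 4
    for side in ("src", "dst"):
        if t[i] == "any":                 # None means "match any address"
            i += 1
        elif t[i] == "host":
            ace[side] = t[i + 1]
            i += 2
        else:
            raise ValueError("only 'any' and 'host' addresses supported: " + line)
        if i < len(t) and t[i] == "eq":   # 'eq' after src = source port, after dst = dest port
            ace["sport" if side == "src" else "dport"] = _port(t[i + 1])
            i += 2
    for tok in t[i:]:
        if tok == "established":
            ace["established"] = True
        elif tok in ICMP_TYPES:
            ace["icmp_type"] = ICMP_TYPES[tok]
        else:
            raise ValueError("unsupported keyword %r in: %s" % (tok, line))
    return ace


def matches(ace, pkt):
    if ace["proto"] != "ip" and ace["proto"] != pkt.proto:
        return False
    if ace["src"] not in (None, pkt.src) or ace["dst"] not in (None, pkt.dst):
        return False
    if ace["sport"] is not None and ace["sport"] != pkt.sport:
        return False
    if ace["dport"] is not None and ace["dport"] != pkt.dport:
        return False
    if ace["established"] and not pkt.ack:   # stateless: no memory of the outbound SYN
        return False
    if ace["icmp_type"] is not None and ace["icmp_type"] != pkt.icmp_type:
        return False
    return True


def evaluate(acl, pkt):
    """First matching entry decides; no match falls through to the implicit deny."""
    for ace in acl:
        if matches(ace, pkt):
            return ace["action"]
    return "deny"


def build_acl(text):
    return [parse_ace(l) for l in text.strip().splitlines() if l.strip()]


# The list exactly as posted (x.x.x.10 / x.x.x.12 left as the poster's placeholders).
ORIGINAL_ACL = build_acl("""
access-list 110 permit tcp any host x.x.x.10 eq www
access-list 110 permit tcp any host x.x.x.10 eq 443
access-list 110 permit tcp any host x.x.x.10 eq 22
access-list 110 permit tcp any host x.x.x.12 eq smtp
access-list 110 permit tcp any host x.x.x.12 eq pop3
access-list 110 permit tcp any host x.x.x.12 eq 22
access-list 110 permit icmp any any unreachable
access-list 110 permit icmp any any echo
access-list 110 permit icmp any any echo-reply
access-list 110 permit icmp any any time-exceeded
""")

# The two lines from the answers, at the beginning as grblades suggested.
FIXED_ACL = build_acl("""
access-list 110 permit tcp any any established
access-list 110 permit udp any eq domain any
""") + ORIGINAL_ACL

# Constructed packets arriving inbound on s0 (addresses and ports are made up).
SSH_IN = Packet("tcp", "192.0.2.1", "x.x.x.10", sport=40001, dport=22)               # new session to the server
SSH_REPLY = Packet("tcp", "192.0.2.1", "x.x.x.10", sport=22, dport=51234, ack=True)   # SYN-ACK to an outbound ssh
HTTP_REPLY = Packet("tcp", "192.0.2.2", "x.x.x.12", sport=80, dport=51235, ack=True)  # reply to outbound web request
DNS_REPLY = Packet("udp", "192.0.2.53", "x.x.x.10", sport=53, dport=33001)
PING_REPLY = Packet("icmp", "192.0.2.1", "x.x.x.10", icmp_type=0)
ACK_PROBE = Packet("tcp", "203.0.113.9", "x.x.x.12", sport=4444, dport=3389, ack=True)  # unsolicited, ACK bit set


def decisions(acl):
    """Map scenario name to the list's verdict, so the two lists can be compared."""
    return {name: evaluate(acl, pkt) for name, pkt in [
        ("ssh_in", SSH_IN), ("ssh_reply", SSH_REPLY), ("http_reply", HTTP_REPLY),
        ("dns_reply", DNS_REPLY), ("ping_reply", PING_REPLY), ("ack_probe", ACK_PROBE)]}


if __name__ == "__main__":
    before, after = decisions(ORIGINAL_ACL), decisions(FIXED_ACL)
    for name in before:
        print(f"{name:11s} original={before[name]:6s} fixed={after[name]}")
```

Three things the run makes visible. First, the original list already permits `echo-reply`, so a ping to a bare IP address should have worked; the DNS reply is the packet that was being dropped, which is why name-based ping and browsing failed. Second, `established` is not stateful: it matches any TCP segment with ACK or RST set, so the `ack_probe` scenario (an unsolicited ACK to port 3389) is permitted too; that is what ACK scans rely on, and it is why stateful inspection (CBAC `ip inspect` or reflexive ACLs, both available on 12.1) is the stronger fix. The `permit udp any eq domain any` line has the same shape of weakness: any UDP datagram sourced from port 53 reaches any port on either host. Third, on a numbered ACL in 12.1 new `access-list 110 ...` lines are appended, not inserted, so to put the lines "at the beginning" you must remove the list (`no access-list 110`) and re-enter it in order; take the `ip access-group 110 in` off s0 first, because an interface whose referenced list does not exist permits everything. For this particular list the order does not change any verdict, since it contains only permits.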
 
LVL 1

Expert Comment

by:kuro2ck
ID: 11727093
Post the rest of your config, then we can see all your NAT statements too.
LVL 28

Expert Comment

by:mikebernhardt
ID: 11731374
Why bother using access-list 115 at all if you're permitting everything? It has no effect on your question, which has already been well answered. But having no access-list and access-group is the same as what you have, just without the fuss.
 

Author Comment

by:smw42
ID: 11732766
access-list 115 was because I could not get outgoing traffic, so I just added that to test.

Did not set up net, so my access-list shouldn't have much configuration.

thanks.
 

Author Comment

by:smw42
ID: 11732770
Did not set up NAT, I mean.
 

Author Comment

by:smw42
ID: 11732802
How do I give points to the other answers too? Sorry, I'm new to EE.