Cisco Router, ACLs, NAT and permitting established connections
Posted on 2008-06-22
I have a Cisco 877 running the ADVIPSERVICES T-Train image and have the following setup:
LAN |============|Cisco 877|============| Internet
VLAN2 +-----------+ Dialer0
ACL for VLAN2 is Inside_Access_In applied to 'in'
ACL for Dialer0 is Outside_Access_In applied to 'in'
permit tcp 10.0.250.0 0.0.0.255 any
permit udp 10.0.250.0 0.0.0.255 any
permit icmp 10.0.250.0 0.0.0.255 any
deny ip any any log
Here is my problem - I've tried a few different things on the border ACL such as permitting 'established' connections and such, however whenever the ACL is applied I am unable to browse web pages. Everything else works, such as name resolution, etc. Just can't get a page open.
How do I create this ACL so that NAT will punch holes as it needs but won't expose any open ports on the Cisco to the world? I know I am missing something here, however what still eludes me.
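One way to get what the question asks for, added here as an example and not taken from the original post: Cisco's stateful inspection (CBAC, `ip inspect`) watches sessions leaving Dialer0 and adds temporary return-traffic entries to the inbound ACL per session, so the outside ACL itself can stay closed and nothing on the router is exposed. It assumes 10.0.250.0/24 lives on interface Vlan2 with the router at 10.0.250.1 and NAT overload on Dialer0; the names LAN_TO_WAN and NAT_SOURCES are invented for the example.

```cisco
! Added example, not the poster's running config. Assumptions: the LAN
! 10.0.250.0/24 is on Vlan2 (router 10.0.250.1) and is NATed out via Dialer0.
!
! Inspection set: track outbound TCP/UDP/ICMP sessions and open only the
! matching return pinholes in the Dialer0 inbound ACL, per session.
ip inspect name LAN_TO_WAN tcp
ip inspect name LAN_TO_WAN udp
ip inspect name LAN_TO_WAN icmp
!
! Inside ACL (same rules as in the post): the LAN may originate anything.
ip access-list extended Inside_Access_In
 permit tcp 10.0.250.0 0.0.0.255 any
 permit udp 10.0.250.0 0.0.0.255 any
 permit icmp 10.0.250.0 0.0.0.255 any
 deny ip any any log
!
! Outside ACL: no static permit for return traffic at all. CBAC inserts the
! dynamic entries ahead of these lines; everything else, including packets
! aimed at the router's own public address, is dropped and logged.
! "permit tcp any any established" is not needed and would let any packet
! with ACK or RST set through to the router and the NAT pool.
ip access-list extended Outside_Access_In
 permit icmp any any unreachable
 permit icmp any any time-exceeded
 permit icmp any any packet-too-big
 deny ip any any log
!
! NAT: which inside hosts are translated, overloaded on the Dialer0 address.
ip access-list standard NAT_SOURCES
 permit 10.0.250.0 0.0.0.255
ip nat inside source list NAT_SOURCES interface Dialer0 overload
!
interface Vlan2
 ip address 10.0.250.1 255.255.255.0
 ip nat inside
 ip access-group Inside_Access_In in
!
interface Dialer0
 ip nat outside
 ip access-group Outside_Access_In in
 ip inspect LAN_TO_WAN out
!
! Check while browsing: "show ip inspect sessions" lists the tracked flows and
! "show ip access-lists Outside_Access_In" shows the dynamic entries CBAC added.
```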