P1ST0LPETE
asked on
Cisco ACL to allow internet access
Hello,
I have the following VLAN configuration:
interface Vlan3
ip address 10.10.30.1 255.255.255.0
ip access-group 130 in
ip nat inside
ip virtual-reassembly
!
access-list 130 permit tcp any any established
access-list 130 permit tcp any any www
access-list 130 permit tcp any any telnet
access-list 130 permit tcp any any smtp
access-list 130 permit tcp any any pop3
If I remove acl 130 from the VLAN, then I have access to the internet. If I apply acl 130 to the VLAN (as shown above) then I can no longer access the internet from hosts on the VLAN. What am I doing wrong and/or missing from the acl?
Thanks for the help.
Please post your actual configuration.
ASKER
Adding "access-list 130 permit udp any any eq 53" fixed the problem. Why did that fix it?
ASKER
Ah, never mind. I googled it. It's allowing DNS traffic.
ASKER
Thanks.
ASKER
access-list 130 permit tcp any any www
is actually
access-list 130 permit tcp any any eq www
in my config file.
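Why the added line fixed it, shown as an added example that is not part of the original thread: a simplified Python model of first-match ACL evaluation with the implicit deny, run over constructed sample packets. It uses the `eq` form the asker says is in the real config; the function names and packet fields are assumptions of this sketch.

```python
# Added example: simplified first-match model of the thread's ACL 130.
PORTS = {"www": 80, "telnet": 23, "smtp": 25, "pop3": 110}
ACL_130 = """\
access-list 130 permit tcp any any established
access-list 130 permit tcp any any eq www
access-list 130 permit tcp any any eq telnet
access-list 130 permit tcp any any eq smtp
access-list 130 permit tcp any any eq pop3
"""
DNS_FIX = "access-list 130 permit udp any any eq 53\n"

# Constructed sample packets arriving inbound on Vlan3 (host -> internet).
PACKETS = {
    "http_syn": {"proto": "tcp", "dport": 80, "flags": {"SYN"}},
    "dns_udp": {"proto": "udp", "dport": 53, "flags": set()},
    "dns_tcp": {"proto": "tcp", "dport": 53, "flags": {"SYN"}},
}

def parse(text):
    """Parse 'access-list N <action> <proto> any any [established | eq <port>]'."""
    rules = []
    for tok in (line.split() for line in text.splitlines() if line.strip()):
        rule = {"action": tok[2], "proto": tok[3], "port": None, "est": False}
        if tok[6:7] == ["established"]:
            rule["est"] = True
        elif tok[6:7] == ["eq"]:
            rule["port"] = PORTS.get(tok[7]) or int(tok[7])
        rules.append(rule)
    return rules

def evaluate(rules, pkt):
    """Return the first matching rule's action; no match hits the implicit deny."""
    for r in rules:
        if r["proto"] != pkt["proto"]:
            continue
        # 'established' matches only TCP segments with ACK or RST set.
        if r["est"] and not ({"ACK", "RST"} & pkt["flags"]):
            continue
        if r["port"] is not None and r["port"] != pkt["dport"]:
            continue
        return r["action"]
    return "deny"  # every ACL ends with an implicit deny

def verdicts(acl_text):
    return {name: evaluate(parse(acl_text), p) for name, p in PACKETS.items()}

if __name__ == "__main__":
    print("as posted:", verdicts(ACL_130))            # DNS lookups dropped
    print("with fix: ", verdicts(ACL_130 + DNS_FIX))  # UDP DNS now permitted
    # DNS over TCP/53 (large responses) is still denied after the fix.
```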