Solved

Cisco ACL to allow internet access

Posted on 2009-03-31
Last Modified: 2012-05-06
Hello,
I have the following VLAN configuration:

interface Vlan3
 ip address 10.10.30.1 255.255.255.0
 ip access-group 130 in
 ip nat inside
 ip virtual-reassembly
!
access-list 130 permit tcp any any established
access-list 130 permit tcp any any www
access-list 130 permit tcp any any telnet
access-list 130 permit tcp any any smtp
access-list 130 permit tcp any any pop3

If I remove acl 130 from the VLAN, then I have access to the internet.  If I apply acl 130 to the VLAN (as shown above) then I can no longer access the internet from hosts on the VLAN.  What am I doing wrong and/or missing from the acl?

Thanks for the help.
Question by:P1ST0LPETE
6 Comments
 
LVL 10

Author Comment

by:P1ST0LPETE
ID: 24032326
Oops, forgot to include the "eq" in those lines above. So for example

access-list 130 permit tcp any any www

is actually

access-list 130 permit tcp any any eq www

in my config file.
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 24032624
Please post your actual configuration.
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 2000 total points
ID: 24032642
Add this:

access-list 130 permit udp any any eq 53
0
 
LVL 10

Author Comment

by:P1ST0LPETE
ID: 24032848
Adding "access-list 130 permit udp any any eq 53" fixed the problem.  Why did that fix it?
0
 
LVL 10

Author Comment

by:P1ST0LPETE
ID: 24032866
Ah, never mind. I googled it. It's allowing DNS traffic.
0
 
LVL 10

Author Closing Comment

by:P1ST0LPETE
ID: 31565009
Thanks.
0
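
Why the accepted answer works, as an added example that is not part of the original thread: a small Python model of first-match ACL evaluation with the implicit deny at the end, run over ACL 130 as corrected in the author's follow-up comment. The parser handles only the "any any" syntax used in this thread, and the function names are hypothetical.

```python
import re

# IOS port keywords used in this thread, mapped to port numbers.
PORTS = {"www": 80, "telnet": 23, "smtp": 25, "pop3": 110}

# ACL 130 as corrected in the author's follow-up comment (with "eq").
ACL_130 = """\
access-list 130 permit tcp any any established
access-list 130 permit tcp any any eq www
access-list 130 permit tcp any any eq telnet
access-list 130 permit tcp any any eq smtp
access-list 130 permit tcp any any eq pop3
"""
DNS_FIX = "access-list 130 permit udp any any eq 53\n"  # accepted solution

def parse(acl_text):
    """Parse the 'any any' subset of extended-ACL syntax seen in this thread."""
    rules = []
    for line in acl_text.splitlines():
        m = re.fullmatch(r"access-list \d+ (permit|deny) (tcp|udp) any any"
                         r"(?: eq (\S+)| (established))?", line.strip())
        if not m:
            raise ValueError(f"unsupported entry: {line!r}")
        action, proto, port, est = m.groups()
        dport = None if port is None else PORTS.get(port) or int(port)
        rules.append((action, proto, dport, bool(est)))
    return rules

def evaluate(rules, proto, dport, ack_or_rst=False):
    """First match wins; a packet matching no entry hits the implicit deny."""
    for action, r_proto, r_dport, est in rules:
        if r_proto != proto:
            continue
        if est and not ack_or_rst:  # 'established' requires ACK or RST set
            continue
        if r_dport is not None and r_dport != dport:
            continue
        return action
    return "deny (implicit)"

def demo():
    before, after = parse(ACL_130), parse(ACL_130 + DNS_FIX)
    return {"http_syn": evaluate(before, "tcp", 80),
            "dns_query_before": evaluate(before, "udp", 53),
            "dns_query_after": evaluate(after, "udp", 53)}

if __name__ == "__main__":
    print(demo())
```

Because the ACL is applied inbound on Vlan3, it filters traffic leaving the hosts: the HTTP SYN is permitted, but the UDP DNS query that has to precede it matches no entry and is dropped, so name resolution fails and the internet appears unreachable. DNS queries that fall back to TCP port 53 would still be denied by this ACL.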
