Cisco ACL to allow internet access

Hello,
I have the following VLAN configuration:

interface Vlan3
 ip address 10.10.30.1 255.255.255.0
 ip access-group 130 in
 ip nat inside
 ip virtual-reassembly
!
access-list 130 permit tcp any any established
access-list 130 permit tcp any any www
access-list 130 permit tcp any any telnet
access-list 130 permit tcp any any smtp
access-list 130 permit tcp any any pop3

If I remove acl 130 from the VLAN, then I have access to the internet.  If I apply acl 130 to the VLAN (as shown above) then I can no longer access the internet from hosts on the VLAN.  What am I doing wrong and/or missing from the acl?

Thanks for the help.
LVL 10
P1ST0LPETEAsked:
Who is Participating?
 
JFrederick29Connect With a Mentor Commented:
Add this:

access-list 130 permit udp any any eq 53
0
 
P1ST0LPETEAuthor Commented:
Ooops, forgot to include the "eq" in those lines above.  So for example

access-list 130 permit tcp any any www

is actually

access-list 130 permit tcp any any eq www

in my config file.
0
 
Don JohnstonInstructorCommented:
Please post your actual configuration.
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
P1ST0LPETEAuthor Commented:
Adding "access-list 130 permit udp any any eq 53" fixed the problem.  Why did that fix it?
0
 
P1ST0LPETEAuthor Commented:
Ah, nevermind.  I googled it.  It's allowing DNS traffic.
0
 
P1ST0LPETEAuthor Commented:
Thanks.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.