Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Cisco ACL to allow internet access

Posted on 2009-03-31
6
Medium Priority
?
666 Views
Last Modified: 2012-05-06
Hello,
I have the following VLAN configuration:

interface Vlan3
 ip address 10.10.30.1 255.255.255.0
 ip access-group 130 in
 ip nat inside
 ip virtual-reassembly
!
access-list 130 permit tcp any any established
access-list 130 permit tcp any any www
access-list 130 permit tcp any any telnet
access-list 130 permit tcp any any smtp
access-list 130 permit tcp any any pop3

If I remove acl 130 from the VLAN, then I have access to the internet.  If I apply acl 130 to the VLAN (as shown above) then I can no longer access the internet from hosts on the VLAN.  What am I doing wrong and/or missing from the acl?

Thanks for the help.
0
Comment
Question by:P1ST0LPETE
  • 4
6 Comments
 
LVL 10

Author Comment

by:P1ST0LPETE
ID: 24032326
Ooops, forgot to include the "eq" in those lines above.  So for example

access-list 130 permit tcp any any www

is actually

access-list 130 permit tcp any any eq www

in my config file.
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 24032624
Please post your actual configuration.
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 2000 total points
ID: 24032642
Add this:

access-list 130 permit udp any any eq 53
0
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

 
LVL 10

Author Comment

by:P1ST0LPETE
ID: 24032848
Adding "access-list 130 permit udp any any eq 53" fixed the problem.  Why did that fix it?
0
 
LVL 10

Author Comment

by:P1ST0LPETE
ID: 24032866
Ah, nevermind.  I googled it.  It's allowing DNS traffic.
0
 
LVL 10

Author Closing Comment

by:P1ST0LPETE
ID: 31565009
Thanks.
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question