Solved

Cisco ACL to allow internet access

Posted on 2009-03-31
6
650 Views
Last Modified: 2012-05-06
Hello,
I have the following VLAN configuration:

interface Vlan3
 ip address 10.10.30.1 255.255.255.0
 ip access-group 130 in
 ip nat inside
 ip virtual-reassembly
!
access-list 130 permit tcp any any established
access-list 130 permit tcp any any www
access-list 130 permit tcp any any telnet
access-list 130 permit tcp any any smtp
access-list 130 permit tcp any any pop3

If I remove acl 130 from the VLAN, then I have access to the internet.  If I apply acl 130 to the VLAN (as shown above) then I can no longer access the internet from hosts on the VLAN.  What am I doing wrong and/or missing from the acl?

Thanks for the help.
0
Comment
Question by:P1ST0LPETE
  • 4
6 Comments
 
LVL 10

Author Comment

by:P1ST0LPETE
ID: 24032326
Ooops, forgot to include the "eq" in those lines above.  So for example

access-list 130 permit tcp any any www

is actually

access-list 130 permit tcp any any eq www

in my config file.
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 24032624
Please post your actual configuration.
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 24032642
Add this:

access-list 130 permit udp any any eq 53
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 10

Author Comment

by:P1ST0LPETE
ID: 24032848
Adding "access-list 130 permit udp any any eq 53" fixed the problem.  Why did that fix it?
0
 
LVL 10

Author Comment

by:P1ST0LPETE
ID: 24032866
Ah, nevermind.  I googled it.  It's allowing DNS traffic.
0
 
LVL 10

Author Closing Comment

by:P1ST0LPETE
ID: 31565009
Thanks.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Before I go to far, let's explain HA (High Availability) and why you should consider it.  High availability is the mechanism used to provide redundancy to any service at the same site and appears as a single service to the users of that service.  As…
As companies replace their old PBX phone systems with Unified IP Communications, many are finding out that legacy applications such as fax do not work well with VoIP. Fortunately, Cloud Faxing provides a cost-effective alternative that works over an…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now