Solved

Cisco ACL to allow internet access

Posted on 2009-03-31
6
655 Views
Last Modified: 2012-05-06
Hello,
I have the following VLAN configuration:

interface Vlan3
 ip address 10.10.30.1 255.255.255.0
 ip access-group 130 in
 ip nat inside
 ip virtual-reassembly
!
access-list 130 permit tcp any any established
access-list 130 permit tcp any any www
access-list 130 permit tcp any any telnet
access-list 130 permit tcp any any smtp
access-list 130 permit tcp any any pop3

If I remove acl 130 from the VLAN, then I have access to the internet.  If I apply acl 130 to the VLAN (as shown above) then I can no longer access the internet from hosts on the VLAN.  What am I doing wrong and/or missing from the acl?

Thanks for the help.
0
Comment
Question by:P1ST0LPETE
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
6 Comments
 
LVL 10

Author Comment

by:P1ST0LPETE
ID: 24032326
Ooops, forgot to include the "eq" in those lines above.  So for example

access-list 130 permit tcp any any www

is actually

access-list 130 permit tcp any any eq www

in my config file.
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 24032624
Please post your actual configuration.
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 24032642
Add this:

access-list 130 permit udp any any eq 53
0
Webinar June 1st - Attacking Ransomware  

The global cyberattack that corrupted hundreds of thousands of computer systems on May 12th had a face, name, & price tag that we’ve seen all too often in recent years: Ransomware. With the stakes – and costs – of a ransomware attack higher than ever, is your business prepared ?

 
LVL 10

Author Comment

by:P1ST0LPETE
ID: 24032848
Adding "access-list 130 permit udp any any eq 53" fixed the problem.  Why did that fix it?
0
 
LVL 10

Author Comment

by:P1ST0LPETE
ID: 24032866
Ah, nevermind.  I googled it.  It's allowing DNS traffic.
0
 
LVL 10

Author Closing Comment

by:P1ST0LPETE
ID: 31565009
Thanks.
0

Featured Post

MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Network Switches 3 63
Monitoring solutions 8 110
Turning Verizon Fios Router into a Bridge? 28 132
Port status messages not appearing in console 11 59
Is your computer hacked? learn how to detect and delete malware in your PC
Arrow Electronics was searching for a KVM  (Keyboard/Video/Mouse) switch that could display on one single monitor the current status of all units being tested on the rack.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question