Solved

Cisco ACL to allow internet access

Posted on 2009-03-31
6
651 Views
Last Modified: 2012-05-06
Hello,
I have the following VLAN configuration:

interface Vlan3
 ip address 10.10.30.1 255.255.255.0
 ip access-group 130 in
 ip nat inside
 ip virtual-reassembly
!
access-list 130 permit tcp any any established
access-list 130 permit tcp any any www
access-list 130 permit tcp any any telnet
access-list 130 permit tcp any any smtp
access-list 130 permit tcp any any pop3

If I remove acl 130 from the VLAN, then I have access to the internet.  If I apply acl 130 to the VLAN (as shown above) then I can no longer access the internet from hosts on the VLAN.  What am I doing wrong and/or missing from the acl?

Thanks for the help.
0
Comment
Question by:P1ST0LPETE
  • 4
6 Comments
 
LVL 10

Author Comment

by:P1ST0LPETE
ID: 24032326
Ooops, forgot to include the "eq" in those lines above.  So for example

access-list 130 permit tcp any any www

is actually

access-list 130 permit tcp any any eq www

in my config file.
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 24032624
Please post your actual configuration.
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 24032642
Add this:

access-list 130 permit udp any any eq 53
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 10

Author Comment

by:P1ST0LPETE
ID: 24032848
Adding "access-list 130 permit udp any any eq 53" fixed the problem.  Why did that fix it?
0
 
LVL 10

Author Comment

by:P1ST0LPETE
ID: 24032866
Ah, nevermind.  I googled it.  It's allowing DNS traffic.
0
 
LVL 10

Author Closing Comment

by:P1ST0LPETE
ID: 31565009
Thanks.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now