Cisco access-list help
Posted on 2011-03-01
I'm trying to block all traffic except HTTP & DNS. This should be applied to the VLAN2 interface.
I created the following access-list:
1811W#show ip access-list 109
Extended IP access list 109
10 permit tcp any any eq www (119 matches)
20 permit tcp any any eq 443
30 permit udp any any eq 443
40 permit udp any host 22.214.171.124 eq domain
50 permit udp any host 126.96.36.199 eq domain
60 deny tcp any any
and applied it to the VLAN:
interface Vlan2
 no ip address
 ip access-group 109 out
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
For a reason that I can't pinpoint, this is not working. I also tried to apply the access-list on the BVI interface, which works, but I get no traffic at all in that situation; everything is blocked. I would appreciate a little help, please.
Thank you!
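As an added illustration (not part of the original post or a reply to it), here is a small Python model of two things a practitioner would check in this situation: how an IOS extended ACL is evaluated (first match wins, unmatched packets hit the implicit deny), and which packets an ACL applied `out` on the inside VLAN interface is ever consulted for. On IOS an `out` ACL on Vlan2 only sees packets the router forwards out of Vlan2 toward the hosts, i.e. the replies; packets the hosts originate arrive on Vlan2 in the `in` direction and are not evaluated. Replies carry the well-known port as the source port, so `eq www` / `eq domain` on the destination never match them. The model transcribes the posted ACL 109, and a rewritten version scoped to the LAN source and applied `in`. The LAN prefix comes from the posted interface address; the host and server addresses, ports and packets are constructed for the example, and NAT and the BVI are not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

# Inside network behind interface Vlan2 (the post configures 192.168.1.1/24 on it).
LAN = "192.168.1.0/24"


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    dst: str
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    """One extended-ACL entry; dport models 'eq <port>' placed after the destination."""
    action: str           # "permit" or "deny"
    proto: str            # "tcp", "udp" or "ip"
    src: str              # "any" or a CIDR ("host x.x.x.x" is a /32)
    dst: str
    dport: Optional[int] = None


def _addr_in(spec: str, addr: str) -> bool:
    return spec == "any" or ip_address(addr) in ip_network(spec)


def evaluate(acl: List[Rule], pkt: Packet) -> str:
    """IOS-style first-match evaluation; anything unmatched hits the implicit 'deny ip any any'."""
    for rule in acl:
        if rule.proto != "ip" and rule.proto != pkt.proto:
            continue
        if not _addr_in(rule.src, pkt.src) or not _addr_in(rule.dst, pkt.dst):
            continue
        if rule.dport is not None and rule.dport != pkt.dport:
            continue
        return rule.action
    return "deny"


def direction_on_vlan(pkt: Packet) -> str:
    """'in' = arrives on Vlan2 from a LAN host; 'out' = router forwards it out Vlan2 toward the LAN."""
    return "in" if ip_address(pkt.src) in ip_network(LAN) else "out"


def filter_on_vlan(acl: List[Rule], applied: str, pkt: Packet) -> str:
    """An interface ACL is only consulted for packets moving in the direction it is applied."""
    if direction_on_vlan(pkt) != applied:
        return "permit"          # ACL never sees this packet
    return evaluate(acl, pkt)


# The posted ACL 109, transcribed (www = 80, domain = 53).
ACL_109 = [
    Rule("permit", "tcp", "any", "any", 80),
    Rule("permit", "tcp", "any", "any", 443),
    Rule("permit", "udp", "any", "any", 443),
    Rule("permit", "udp", "any", "22.214.171.124/32", 53),
    Rule("permit", "udp", "any", "126.96.36.199/32", 53),
    Rule("deny", "tcp", "any", "any"),
]

# Rewritten for inbound use on Vlan2: source scoped to the LAN, explicit final deny for all protocols.
ACL_109_IN = [
    Rule("permit", "tcp", LAN, "any", 80),
    Rule("permit", "tcp", LAN, "any", 443),
    Rule("permit", "udp", LAN, "22.214.171.124/32", 53),
    Rule("permit", "udp", LAN, "126.96.36.199/32", 53),
    Rule("deny", "ip", "any", "any"),
]

# Constructed sample traffic: a LAN host browsing, resolving a name, and trying SSH (203.0.113.5 is a
# documentation address standing in for an Internet server).
SAMPLES: Dict[str, Packet] = {
    "http_req":   Packet("tcp", "192.168.1.10", "203.0.113.5", 51000, 80),
    "http_reply": Packet("tcp", "203.0.113.5", "192.168.1.10", 80, 51000),
    "dns_req":    Packet("udp", "192.168.1.10", "22.214.171.124", 52000, 53),
    "dns_reply":  Packet("udp", "22.214.171.124", "192.168.1.10", 53, 52000),
    "ssh_req":    Packet("tcp", "192.168.1.10", "203.0.113.5", 51001, 22),
}


def compare() -> Dict[str, Tuple[str, str]]:
    """Verdict per sample packet: (posted setup, ACL 109 applied out) vs (rewrite applied in)."""
    return {
        name: (filter_on_vlan(ACL_109, "out", pkt), filter_on_vlan(ACL_109_IN, "in", pkt))
        for name, pkt in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, (as_posted, rewritten) in compare().items():
        print(f"{name:10s}  109 out: {as_posted:6s}  109_IN in: {rewritten}")
```

Running it shows the two failure modes side by side: with ACL 109 applied `out`, the SSH attempt from the LAN is never filtered, while the HTTP and DNS replies are dropped (the TCP reply by line 60, the UDP reply by the implicit deny). With the rewritten list applied `in`, the host's HTTP and DNS requests pass, SSH is denied, and replies are untouched because a stateless interface ACL in the `in` direction never evaluates them.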