We have a server in a VLAN with an ACL (vlan320-outb, applied "out") on it to permit traffic from outside the ACL to the server.
ip access-list extended vlan320-outb
 permit tcp any x.x.x.x x.x.x.x established
 permit tcp any host xxx.xxx.xxx.xxx eq 80
 deny ip any any log
ip access-group vlan320-outb out
This works from outside: the www web page is displayed.
However, when the server wants to connect to the internet this does not work. When we ping www.microsoft.com, the name cannot be resolved by our internal DNS server.
Inbound there is no rule (we also tried inbound with permit ip any any), but this does not work either.
I think it has something to do with UDP packets going to the VLAN being blocked. So the query goes outbound to the DNS server, but the answer from the DNS server is blocked by the outbound ACL (vlan320-outb).
How can we solve this problem?
When I remove the ACL it works, and it also works when I put a line permit ip any any at the bottom of the ACL (vlan320-outb).
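Added example, not from the original post: the `established` keyword only matches TCP segments with the ACK or RST bit set, so it never matches UDP. The DNS answer is a UDP datagram sourced from port 53 on the internal DNS server, it matches nothing above `deny ip any any log`, and it is dropped on the way into the VLAN. Two ways to let the replies through are shown below. The addresses are placeholders (the post masks the real ones): 10.20.30.40 is assumed to be the web server and 10.0.0.53 the internal DNS server, and the ACLs are assumed to sit on interface Vlan320.

```cisco
! Option 1: a static permit for DNS replies from the internal DNS server.
! Placeholder addresses: 10.0.0.53 = internal DNS server, 10.20.30.40 = web server.
ip access-list extended vlan320-outb
 permit tcp any host 10.20.30.40 established
 permit tcp any host 10.20.30.40 eq 80
 ! UDP has no ACK flag, so "established" cannot cover it; permit replies
 ! sourced from udp/53 on the DNS server only, not udp/53 from anywhere.
 permit udp host 10.0.0.53 eq 53 host 10.20.30.40
 deny ip any any log

! Option 2: a reflexive ACL, so a reply is only allowed after the server
! actually sent a query (stateful, and it covers other UDP services too).
ip access-list extended vlan320-in
 ! Outgoing DNS query from the server creates a temporary reverse entry
 ! named dns-reply that is removed after 30 s of inactivity.
 permit udp host 10.20.30.40 any eq 53 reflect dns-reply timeout 30
 permit ip any any

ip access-list extended vlan320-outb
 permit tcp any host 10.20.30.40 established
 permit tcp any host 10.20.30.40 eq 80
 ! Insert the dynamically created reverse entries here, before the deny.
 evaluate dns-reply
 deny ip any any log

interface Vlan320
 ip access-group vlan320-in in
 ip access-group vlan320-outb out
```

Before changing anything, the `log` keyword on the deny line already gives the evidence: `show logging` should contain lines of the form `%SEC-6-IPACCESSLOGP: list vlan320-outb denied udp 10.0.0.53(53) -> 10.20.30.40(<port>)` while the server is trying to resolve a name. Option 1 is the smallest change; option 2 is the better default when the server also needs NTP, syslog or other UDP-based replies, because nothing is allowed in that the server did not ask for.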