I've configured ASA with normal set up, inside, outside, and all inside users can browse internet smoothly without access list,,
i wanted to add some access list to allow only http, https, & some other services.. and block others..
when i add the first access list "access-list inside_acl extended permit tcp any any eq www " and apply it on inside interface, users cannot browse INTERNET...
by removing it, every thing work fine
please note that there is no single deny ACL.
any answer, why? what should i do?
Could you try to ping outside (public network) using IP address rather than name. If it works then it is definitely dns issue.
Although dns query support both tcp and udp but it normally does query with udp protocol so try to add this at first line
access-list inside_acl extended permit udp any any eq domain