Hi folks -
I have a vendor machine in our network that we assigned a static IP address to. This machine just needs access to the Internet and nothing on our network.
So I created the following access list and applied it to the port that this machine is connected to. The machine is connected to a Cisco 3560 switch. It's using 126.96.36.199 for DNS.
Extended IP access list 111
10 permit tcp host 172.16.34.78 any eq www
14 permit tcp host 172.16.34.78 any eq domain
15 permit icmp host 172.16.34.78 any
20 deny ip host 172.16.34.78 any
This machine is unable to connect to the Internet. I can ping 188.8.131.52 from the machine but 184.108.40.206 is not resolving any of the domain names on the Internet.
When I remove the access-l applied to the port, the machine can get to the Internet just fine.
This is how the access-l was applied to the port:
ip access-group 111 in
So I am not sure where I am going wrong.
Can anyone help??