Hi folks -
I have a vendor machine in our network that we assigned a static IP address to. This machine just needs access to the Internet and nothing on our network.
So I created the following access list and applied it to the port that this machine is connected to. The machine is connected to a Cisco 3560 switch. It's using 220.127.116.11 for DNS.
Extended IP access list 111
10 permit tcp host 172.16.34.78 any eq www
14 permit tcp host 172.16.34.78 any eq domain
15 permit icmp host 172.16.34.78 any
20 deny ip host 172.16.34.78 any
This machine is unable to connect to the Internet. I can ping 18.104.22.168 from the machine but 22.214.171.124 is not resolving any of the domain names on the Internet.
When I remove the access list applied to the port, the machine can get to the Internet just fine.
This is how the access list was applied to the port:
ip access-group 111 in
So I am not sure where I am going wrong.
Can anyone help??
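
The posted list evaluated entry by entry with first-match semantics against constructed traffic from 172.16.34.78, as an added example that is not part of the original post. The parser handles only the `host <src> any [eq <port>]` form used in the list, and the sample packets are assumptions.

```python
import re

# Entries exactly as posted for access list 111.
ACL_111 = """\
10 permit tcp host 172.16.34.78 any eq www
14 permit tcp host 172.16.34.78 any eq domain
15 permit icmp host 172.16.34.78 any
20 deny ip host 172.16.34.78 any
"""
PORT_NAMES = {"www": 80, "domain": 53}  # IOS port keywords used above
ENTRY = re.compile(
    r"(?P<seq>\d+) (?P<action>permit|deny) (?P<proto>\w+) "
    r"host (?P<src>\S+) any(?: eq (?P<port>\S+))?$"
)

def parse(acl_text):
    """Parse the 'host <src> any [eq <port>]' entry form used in the post."""
    entries = []
    for line in acl_text.strip().splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            raise ValueError(f"unsupported entry: {line!r}")
        e = m.groupdict()
        if e["port"] is not None:
            e["port"] = PORT_NAMES.get(e["port"]) or int(e["port"])
        entries.append(e)
    return entries

def evaluate(entries, proto, src, dport=None):
    """Return (action, sequence number) of the first matching entry."""
    for e in entries:
        if (e["src"] == src and e["proto"] in ("ip", proto)
                and e["port"] in (None, dport)):
            return e["action"], int(e["seq"])
    return "deny", None  # implicit deny that ends every IOS access list

# Constructed sample traffic from the vendor machine (not from the post).
HOST = "172.16.34.78"
SAMPLES = {
    "ping": ("icmp", None), "http": ("tcp", 80), "https": ("tcp", 443),
    "dns over tcp": ("tcp", 53), "dns over udp": ("udp", 53),
}

def run_samples():
    entries = parse(ACL_111)
    return {n: evaluate(entries, p, HOST, d) for n, (p, d) in SAMPLES.items()}

if __name__ == "__main__":
    print(*run_samples().items(), sep="\n")
```

A UDP port 53 query is not matched by entry 14, which covers TCP only, so it falls through to entry 20 and is dropped, which lines up with ping succeeding while names fail to resolve. TCP port 443 is dropped by the same entry.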