Our Pix 525 gig port just went belly up.
While awaiting spare part, I connected our Internet connection directly to a 3750e gig port instead of the PIX.
Everything works great.
I then want to apply the same ACL I used on the firewall to the 3750e's port.
Brief example of ACl:
! lots of ACE's
access-list 103 permit tcp any host 155.x.x.32 eq 80
access-list 103 permit tcp any host 155.x.x.33 eq 80
access-list 103 permit tcp any host 155.x.x.33 eq 4063
access-list 103 permit tcp any host 155.x.x.33 eq 4064
access-list 103 permit tcp any host 155.x.x.40 eq 4063
access-list 103 permit tcp any host 155.x.x.40 eq 4064
access-list 103 permit udp any host 155.x.x.40 eq 31335
access-list 103 deny ip any any
When I apply this to my interface, it works as advertised on the inbound side. However, nobody can get to the Internet via outbound.
ip address xxx.xxx.xxx.98 255.255.255.252
ip access-group 103 in
I create the following ACL and applied that to the above interface as "ip access-group 101 out"
access-list 101 permit ip any any
Any help or guidance would be greatly appreciated.