I have the following ACL

ip access-list extended InternetIn

permit tcp any any range 10000 20000

permit udp any any range 10000 20000

permit udp any any eq 5060

permit tcp any any eq 5060

permit tcp any any eq domain

permit tcp any any eq ftp

permit tcp any any eq ftp-data

permit tcp any any eq pop3

permit tcp any any eq smtp

permit tcp any any eq telnet

permit tcp any any eq www

permit udp any any eq 80

permit tcp any any eq 8080

permit udp any any eq 8080

permit tcp any any eq 22

permit tcp any any eq 60000

permit udp any any eq bootpc

permit udp any any eq bootps

permit udp any any eq domain

permit udp any any eq nameserver

permit icmp any any

With the following router setup:

interface FastEthernet0/1

description Internet

ip address 83.148.130.x 255.255.255.248

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

interface Dot11Radio0/2/0

no ip address

!

ssid ComtekVoip

vlan 1

authentication open

guest-mode

!

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

!

interface Dot11Radio0/2/0.1

encapsulation dot1Q 1 native

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

interface Vlan1

description Phone Network

no ip address

ip virtual-reassembly

bridge-group 1

!

interface BVI1

ip address 192.168.20.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

Without the ACL applied to fa0/1 inbound , I can browse the internet fine.

However when i do apply it webpages stop working. I believed the only port I needed to allow in the ACL was port 80 for tcp. I added the other few port 80's and 8080's trying to get it working. Is there anything i'm missing or should my setup work?

I think that the ACL is blocking something with the implicit deny all. But what?

Thanks for looking.