
My Access List Blocks Everything?

I have a LAN set up with a DMZ for a webserver.

My external router is a Cisco 3600 and the internal is a Cisco 2600.

I am attempting to apply an access list but each time I apply it I end up blocking everything. Is anyone able to tell me where I am going wrong, please?

My ACL:

    access list (name/number) incoming on internal
    permit tcp any established
    permit tcp any 5050
    permit tcp any 5100
    permit tcp any 5101
    permit tcp any 1863
    permit tcp any 110
    permit tcp any 25
    permit tcp any 80
    permit tcp any range 6881-6969
    permit tcp any 6346
    permit tcp any 1366
    permit tcp any 5190
    permit tcp any 1080
    permit tcp any 1366
    permit tcp any 1367
    permit tcp any 5190
    deny any any


Re: My Access List Blocks Everything?


are you sure the destination address is in the range

What does it mean that "everything" is blocked? How do you test this? Can you add

permit icmp any

above the "deny any any" command and ping the server?

Regards, Martin


Re: My Access List Blocks Everything?

Looking at the access list I would think it was more likely built as an outbound access list: especially the use of tcp established (more often out than in) and the fact that destination addresses are specified. But this line in the original post makes me wonder if it is applied as inbound:

access list (name/number) incoming on internal

Perhaps the original poster can clarify on which interface and in which direction the access list is applied. In fact it would be helpful if the original poster can post the entire configuration of the interface.
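To make the replies above concrete, here is an added example (not code from any poster in this thread) that runs the posted list through a first-match evaluator against a few constructed packets. It assumes each posted line means `permit tcp any any eq <port>`, that `established` matches TCP segments with the ACK or RST bit set, and the names `Packet`, `ACL` and `evaluate` are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    flags: frozenset = frozenset()  # TCP flags set on the segment

# The posted list in order. Assumption: each line means
# "permit tcp any any eq <port>" (or "range lo hi"); duplicates kept as posted.
ACL = ["established", 5050, 5100, 5101, 1863, 110, 25, 80, (6881, 6969),
       6346, 1366, 5190, 1080, 1366, 1367, 5190]
DENY_LINE = len(ACL) + 1            # the final "deny any any"

def evaluate(pkt):
    """Return (action, line number) for the first matching line."""
    if pkt.proto != "tcp":          # every permit line is TCP-only
        return "deny", DENY_LINE
    for line, rule in enumerate(ACL, 1):
        if rule == "established":   # assumed: ACK or RST bit set
            hit = bool(pkt.flags & {"ACK", "RST"})
        elif isinstance(rule, tuple):
            hit = rule[0] <= pkt.dport <= rule[1]
        else:
            hit = pkt.dport == rule
        if hit:
            return "permit", line
    return "deny", DENY_LINE

# Constructed sample packets, not captured traffic.
SAMPLES = {
    "new HTTP connection (SYN to 80)": Packet("tcp", 40000, 80, frozenset({"SYN"})),
    "HTTP reply (SYN+ACK from 80)": Packet("tcp", 80, 40000, frozenset({"SYN", "ACK"})),
    "new HTTPS connection (SYN to 443)": Packet("tcp", 40001, 443, frozenset({"SYN"})),
    "ping (ICMP echo)": Packet("icmp"),
    "DNS lookup (UDP to 53)": Packet("udp", 40002, 53),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:36} -> {evaluate(pkt)}")
```

In this model only TCP to the listed destination ports and TCP return traffic are permitted; the ping and the UDP lookup both fall through to the final deny, so a ping test fails until an ICMP permit is placed above it.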