we currently running on 2611 router and I've just setup an access-list that only allow Internet, FTP, SMTP, POP3 would able to go out. But every time I apply the access-list to the inside interface then our internet is not working. Thanks in advance
I also agree that this would be applied at the outgoing interface as a access-group out ACL. If you do this, your other traffic internal wouldnt be denied. Of course this depends on how your setup looks.
With internet, do you mean "big-scary Internet" or your internal network?
How is your setup with router and interfaces?
Dont forget to also permit ftp-data, port 20 in your ACL.
Without knowing the particulars of your Internet access, such as location and use of Proxy Server, etc., I would suggest that you change the last line of your access list to deny ip any any log. With the logging turned on for the access list, you can see what traffic is being blocked by the implicit deny you have added to the end of your permissions.
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...