
Help with access-list

Equip: 1760 VPN/K9 with Ethernet WIC

Goal is to allow access to only a web server behind router (port 80) yet allow any machine behind the router access to the internet.

Problem is that as soon as I apply the access list to int e0/0 the machines behind the router can't get to anything outside the router.

Using access lists:

access-list 101 permit tcp any host 172.31.2.2 eq 80
access-list 101 permit tcp any any established
access-list 101 permit udp any any eq 53
access-list 101 permit udp any any eq 123

Any ideas??

Thanks

Ricardo Clements


Re: Help with access-list

How have you applied your access list? Inbound or outbound?

On your e0/0, this ACL should be applied outbound.

I would recommend changing this access list and applying it to the serial interface (or your WAN interface) inbound.


Re: Help with access-list

e0/0 is my WAN interface and I have been applying it as an inbound filter.

Here is the config:

Current configuration : 1024 bytes
!
version 12.2
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname xxx
!
logging queue-limit 100
enable secret xxxxx
enable password xxx
!
ip subnet-zero
!
!
ip domain name xxxx.com
!
ip audit notify log
ip audit po max-events 100
!
!
!
!
!
!
!
interface Ethernet0/0
 ip address 192.168.1.10 255.255.255.0
 ip access-group 101 in
 ip access-group 1 out
 half-duplex
!
interface FastEthernet0/0
 ip address 172.31.1.1 255.255.0.0
 speed auto
 full-duplex
!
router rip
 version 2
 network 172.31.0.0
 network 192.168.1.0
!
ip classless
ip http server
no ip http secure-server
!
!
!
access-list 1 permit any
access-list 101 permit tcp any any established
access-list 101 permit udp any any eq domain
access-list 101 permit udp any any eq ntp
!
snmp-server community public RO
snmp-server enable traps tty
...

ricardo
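
Added example, not part of the thread or of any poster's configuration: a small Python model of how the four access-list 101 entries from the question are evaluated against packets arriving inbound on e0/0. The `Packet` and `Ace` classes, the inside host 172.31.1.50 and the sample packets are constructed for illustration, and the model covers only the fields these entries use.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:  # packet arriving inbound on e0/0 (constructed model)
    proto: str                      # "tcp", "udp" or "icmp"
    dst_ip: str
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    flags: frozenset = frozenset()  # TCP flags, e.g. {"SYN", "ACK"}

@dataclass(frozen=True)
class Ace:  # one access-list 101 entry; the source is "any" in all of them
    text: str
    proto: str
    dst_host: Optional[str] = None  # None means "any"
    dst_port: Optional[int] = None  # "eq N" written after the destination
    established: bool = False

    def matches(self, p: Packet) -> bool:
        if (p.proto != self.proto or self.dst_host not in (None, p.dst_ip)
                or self.dst_port not in (None, p.dst_port)):
            return False
        # "established" matches only TCP segments with ACK or RST set
        return not self.established or bool(p.flags & {"ACK", "RST"})

ACL_101 = [  # entries as posted in the question
    Ace("permit tcp any host 172.31.2.2 eq 80", "tcp", "172.31.2.2", 80),
    Ace("permit tcp any any established", "tcp", established=True),
    Ace("permit udp any any eq 53", "udp", dst_port=53),
    Ace("permit udp any any eq 123", "udp", dst_port=123),
]

def evaluate(p, acl=ACL_101):  # first match wins, otherwise implicit deny
    for ace in acl:
        if ace.matches(p):
            return "permit", ace.text
    return "deny", "implicit deny"

SAMPLES = {  # constructed packets; 172.31.1.50 is a hypothetical inside host
    "SYN to web server": Packet("tcp", "172.31.2.2", 40000, 80, frozenset({"SYN"})),
    "SYN-ACK for outbound HTTP": Packet("tcp", "172.31.1.50", 80, 40001, frozenset({"SYN", "ACK"})),
    "DNS reply (src port 53)": Packet("udp", "172.31.1.50", 53, 40002),
    "DNS query (dst port 53)": Packet("udp", "172.31.1.50", 40003, 53),
    "ICMP echo-reply": Packet("icmp", "172.31.1.50"),
}

for name, pkt in SAMPLES.items():
    print(f"{name:27} {evaluate(pkt)}")
```

The DNS reply and the ICMP echo-reply fall through to the implicit deny: `eq 53` written after the destination matches the destination port, while replies to inside clients carry 53 as the source port.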
