Another thing I can see is where you have matched on the tcp port... In an extended ACL you can insert the 'eq' keyword after the source and/or the destination, depending on where the server is located. It is sometimes better to have statements that match on both the source and destination.
So you may want to modify ACL 120 so that it looks like this:
access-list 120 permit udp any any eq isakmp
access-list 120 permit udp any eq isakmp any
access-list 120 permit udp any any eq non500-isakmp
access-list 120 permit udp any eq non500-isakmp any
access-list 120 deny ip 10.0.0.0 0.255.255.255 any
access-list 120 deny ip 127.0.0.0 0.255.255.255 any
access-list 120 deny ip 172.16.0.0 0.15.255.255 any
access-list 120 deny ip 192.168.0.0 0.0.255.255 any
access-list 120 deny ip 188.8.131.52 184.108.40.206 any
I believe that with this config, if you remove access-;ist 130, everything will work. Access-list 130 is blocking everything.
However, you have permitted all tcp connections. This might not be desirable to you. Initially you permitted http traffic with the line
access-list 120 permit tcp any any eq www.
Since this is an inbound access-list, the line will allow outside users to connect to your locally hosted webservers on port 80. For you to browse and connect to the internet, use the line
access-list 120 permit tcp any eq www any.
What you should note is that when you initiate a connection, the destination port oftens identifies the type of connection. Hence when you launch your web browse and connect to cisco.com, the destination port is 80. However, the response from the web server to you, would have the source port to now be 80. Hence, for an inbound access-list on the wan interface, you should match on the source port. If it was outbound, on the wan interface, then you can match on the destination port.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...