Hi,

Cisco router:

1) S0 is a leased circuit (64 kbps) connected to the ISP
2) E0 is connected to the internal network 202.187.x.0 /27
3) DNS/Web/FTP server is 202.187.x.5 /27
4) Network control central network is 202.166.x.0 /24

I would like to apply the access-list to S0 for security, to block unnecessary traffic and allow particular traffic.

Allow internal network 202.187.x.0 clients to have www/telnet/ftp/DNS access to the Internet.
Allow any host on the Internet to have DNS access to 202.187.x.5.
Allow any host on the Internet to have www/ftp access into 202.187.x.0.
Allow ONLY 202.166.x.0 /24 to have telnet access to the 202.187.x.5 server.

My config:

    Int s0
     ip access-group 118 in

    access-list 118 permit tcp 202.166.x.0 0.0.0.255 202.187.x.0 0.0.0.31 eq telnet
    access-list 118 permit tcp any 202.187.65.0 0.0.0.31 eq www
    access-list 118 permit tcp any 202.187.65.0 0.0.0.31 eq ftp
    access-list 118 permit tcp any 202.187.65.0 0.0.0.31 eq ftp-data
    access-list 118 permit tcp any 202.187.65.0 0.0.0.31 eq 53
    access-list 118 permit udp any 202.187.65.0 0.0.0.31 eq 53
    access-list 118 permit tcp any 202.187.65.0 0.0.0.31 established

But Telnet and DNS are not working!

a) I am in the network 202.166.x.0, but I cannot telnet into 202.187.x.0 /27.
b) On the internal network 202.187.x.0, the clients cannot do DNS resolution. The DNS server is on the Internet, not on the 202.187.x.0 network.

What is wrong with my access-list? Do you have any working sample that I can refer to?

Thanks a lot.

Choh Koon, Tan
Systems Engineer
CCNP, CCDP
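
As an added illustration that is not part of the original post, the Python sketch below walks the posted access-list 118 the way an inbound extended ACL is evaluated (first match wins, implicit deny at the end) against a few constructed packets. The `x` octets are filled with assumed values (65, which entries 2-7 of the post already use, and 10, which is constructed), and the function and variable names are hypothetical.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")
LAN = ("202.187.65.0", "0.0.0.31")     # "x" = 65, as in entries 2-7 of the post
NOC = ("202.166.10.0", "0.0.0.255")    # "x" = 10 is a constructed value

# access-list 118 as posted: (proto, source, destination, dst port, established)
ACL_118 = [
    ("tcp", NOC, LAN, 23, False),    # eq telnet
    ("tcp", ANY, LAN, 80, False),    # eq www
    ("tcp", ANY, LAN, 21, False),    # eq ftp
    ("tcp", ANY, LAN, 20, False),    # eq ftp-data
    ("tcp", ANY, LAN, 53, False),
    ("udp", ANY, LAN, 53, False),
    ("tcp", ANY, LAN, None, True),   # established
]

def wildcard_match(addr, spec):
    """Cisco wildcard match: bits set in the wildcard mask are ignored."""
    net, wildcard = spec
    a, n, w = (int(ipaddress.IPv4Address(v)) for v in (addr, net, wildcard))
    return (a | w) == (n | w)

def evaluate(proto, src, dst, dport, flags=()):
    """Return (action, entry number); first match wins, 0 = implicit deny."""
    for num, (p, s, d, port, est) in enumerate(ACL_118, 1):
        if p != proto or not wildcard_match(src, s) or not wildcard_match(dst, d):
            continue
        if port is not None and port != dport:
            continue
        # "established" matches only TCP segments with ACK or RST set
        if est and not {"ACK", "RST"} & set(flags):
            continue
        return ("permit", num)
    return ("deny", 0)

# Constructed packets arriving inbound on S0 (addresses outside the two
# networks above are documentation-range placeholders).
PACKETS = {
    "telnet from 202.166.10.0/24": ("tcp", "202.166.10.7", "202.187.65.5", 23, ("SYN",)),
    "telnet from elsewhere": ("tcp", "198.51.100.9", "202.187.65.5", 23, ("SYN",)),
    "DNS query to server": ("udp", "198.51.100.9", "202.187.65.5", 53),
    "DNS reply to LAN client": ("udp", "198.51.100.53", "202.187.65.20", 1034),
    "HTTP reply to LAN client": ("tcp", "198.51.100.80", "202.187.65.20", 1035, ("ACK",)),
}

if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        print(f"{name:30} -> {evaluate(*pkt)}")
```

In this model the UDP reply from an Internet DNS server reaches the LAN client on a high destination port, which no entry of the list matches, while TCP return traffic is admitted by the `established` entry.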