Access-list Problem with UDP Port 53

Could you clarify your network configuration? Is the 2600 at your location
and connected to the client via the T-1 on serX? I just did some similar but
even more restrictive acl's at my job.

Tim

"Richie, Nathan" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
I am having a problem with an access-list on a 2600 router.  It is used for
the client's T1 connection.
The access-list is as follows:
access-list 100 deny   ip 10.0.0.0 0.255.255.255 any
access-list 100 deny   ip 172.16.128.0 0.0.15.255 any
access-list 100 deny   ip 192.168.0.0 0.0.255.255 any
access-list 100 permit tcp any any established
access-list 100 deny   icmp any any timestamp-request
access-list 100 permit icmp any any
access-list 100 permit tcp any any eq www
access-list 100 permit tcp any any eq smtp
access-list 100 permit tcp any any eq pop3
access-list 100 permit udp any any eq domain
access-list 100 deny   udp any any log
access-list 100 deny   tcp any any log


When this acl is applied inbound on the serial interface, all web browsing
stops.  Looking at the logs and acl counters, it shows that UDP port 53 is
being denied via the "access-list 100 deny   udp any any log" statement.
From my understanding, TCP port 53 is used between DNS servers and UDP port
53 is used for DNS queries between clients and DNS servers.  The client is
not hosting a DNS server, so they only need DNS queries and replies to pass.
Upon changing "access-list 100 deny   udp any any log" to "access-list 100
permit   udp any any log", all web browsing is enabled.
Could someone please shed some light on what I am missing here?
Thanks in advance,
Nathan Richie
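The behaviour Nathan describes can be reproduced by walking a packet through the ACL the way the router does (first match wins, implicit deny at the end). The script below is an added example written for this thread, not code from the original posts or from Cisco: it parses the subset of extended-ACL syntax used above, then evaluates a constructed DNS reply against the posted list and against a variant that permits UDP by *source* port 53 (`permit udp any eq domain any`) instead of opening all UDP. The `eq` on an ACE is matched against whichever side of the address pair it follows, so `permit udp any any eq domain` only matches packets whose destination port is 53, i.e. queries arriving at a DNS server; a reply from the server has source port 53 and an ephemeral destination port, which is why it falls through to the `deny udp any any log` line. All IP addresses and port numbers in the packets are constructed sample values from the documentation ranges, and `Packet`, `parse_ace` and `evaluate` are names chosen here, not IOS features.

```python
"""Simulate Cisco extended ACL matching for the ACEs used in this thread.

Supported syntax: access-list N {permit|deny} {ip|tcp|udp|icmp}
                  src [eq port] dst [eq port] [established] [log] [icmp-type]
where src/dst is 'any' or 'A.B.C.D wildcard'.  Added example, not IOS code.
"""
import ipaddress
from dataclasses import dataclass

PORT_NAMES = {"www": 80, "smtp": 25, "pop3": 110, "domain": 53}


@dataclass
class Packet:
    proto: str            # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    ack: bool = False     # TCP ACK or RST bit set: what 'established' tests
    icmp_type: str = ""   # e.g. "timestamp-request"


def _addr(tokens, i):
    """Parse 'any' or 'A.B.C.D wildcard'; return (matcher, next index)."""
    if tokens[i] == "any":
        return None, i + 1
    base = int(ipaddress.IPv4Address(tokens[i]))
    wild = int(ipaddress.IPv4Address(tokens[i + 1]))
    return (base, wild), i + 2


def _port(tokens, i):
    """Parse an optional 'eq <port>' qualifier; return (port or None, index)."""
    if i < len(tokens) and tokens[i] == "eq":
        name = tokens[i + 1]
        return (PORT_NAMES[name] if name in PORT_NAMES else int(name)), i + 2
    return None, i


def parse_ace(line):
    """Parse one access-list entry into its fields."""
    t = line.split()                        # t[0]='access-list', t[1]=number
    action, proto = t[2], t[3]
    src, i = _addr(t, 4)
    sport, i = _port(t, i)                  # 'eq' right after src = source port
    dst, i = _addr(t, i)
    dport, i = _port(t, i)                  # 'eq' right after dst = dest port
    return dict(line=line.strip(), action=action, proto=proto, src=src,
                sport=sport, dst=dst, dport=dport, opts=set(t[i:]))


def _ip_match(m, ip):
    """Wildcard-mask compare: bits set in the wildcard are 'don't care'."""
    if m is None:
        return True
    base, wild = m
    return ((int(ipaddress.IPv4Address(ip)) ^ base) & (0xFFFFFFFF ^ wild)) == 0


def ace_matches(ace, pkt):
    if ace["proto"] != "ip" and ace["proto"] != pkt.proto:
        return False
    if not (_ip_match(ace["src"], pkt.src) and _ip_match(ace["dst"], pkt.dst)):
        return False
    if ace["sport"] is not None and pkt.sport != ace["sport"]:
        return False
    if ace["dport"] is not None and pkt.dport != ace["dport"]:
        return False
    # 'established' exists only for TCP and needs ACK or RST set.
    if "established" in ace["opts"] and not (pkt.proto == "tcp" and pkt.ack):
        return False
    icmp_types = ace["opts"] - {"established", "log"}
    if icmp_types and pkt.icmp_type not in icmp_types:
        return False
    return True


def evaluate(acl_text, pkt):
    """Return (action, matched line); first match wins, implicit deny last."""
    for line in acl_text.strip().splitlines():
        ace = parse_ace(line)
        if ace_matches(ace, pkt):
            return ace["action"], ace["line"]
    return "deny", "implicit deny"


# The list exactly as posted in the thread.
ORIGINAL_ACL = """
access-list 100 deny   ip 10.0.0.0 0.255.255.255 any
access-list 100 deny   ip 172.16.128.0 0.0.15.255 any
access-list 100 deny   ip 192.168.0.0 0.0.255.255 any
access-list 100 permit tcp any any established
access-list 100 deny   icmp any any timestamp-request
access-list 100 permit icmp any any
access-list 100 permit tcp any any eq www
access-list 100 permit tcp any any eq smtp
access-list 100 permit tcp any any eq pop3
access-list 100 permit udp any any eq domain
access-list 100 deny   udp any any log
access-list 100 deny   tcp any any log
"""
# Same list, but permitting UDP replies *from* port 53 rather than all UDP.
FIXED_ACL = ORIGINAL_ACL.replace("permit udp any any eq domain",
                                 "permit udp any eq domain any")

# Constructed packets (documentation-range addresses, arbitrary ports).
DNS_REPLY = Packet("udp", "203.0.113.53", "198.51.100.10", sport=53, dport=34567)
INBOUND_QUERY = Packet("udp", "203.0.113.7", "198.51.100.10", sport=40000, dport=53)
TCP_DNS_REPLY = Packet("tcp", "203.0.113.53", "198.51.100.10", sport=53, dport=34568, ack=True)
SPOOFED_REPLY = Packet("udp", "10.1.2.3", "198.51.100.10", sport=53, dport=34567)

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL_ACL), ("source-port fix", FIXED_ACL)):
        for label, pkt in (("UDP DNS reply", DNS_REPLY), ("inbound UDP query", INBOUND_QUERY),
                           ("TCP DNS reply", TCP_DNS_REPLY), ("reply from 10/8", SPOOFED_REPLY)):
            print(f"{name:16} {label:18} -> {evaluate(acl, pkt)}")
```

Running it shows the posted list denying the UDP reply on the `deny   udp any any log` line while the TCP reply is already covered by `established`; the source-port variant passes the reply, still drops unsolicited queries aimed at port 53 on the client side (it hosts no DNS server), and still drops RFC 1918 sources on the first three lines. Matching on source port 53 is a weaker filter than a stateful inspection, since anything sent from port 53 is accepted, but it is considerably tighter than `permit udp any any`.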


_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
