You should open standard port 53 for DNS traffic, not ports greater than
1023.

Correct me if I'm wrong

Vincent

"David Eitel" wrote:
> Hello Everybody,
> I have a segment that I want only established traffic to enter. This has
> become quite confusing. I want ping, telnet, traceroute and DNS replies as
> well as FTP. Here's what I currently have. Any feedback would be
> appreciated.
>
> access-list 101 permit ip any 192.168.0.0 0.0.0.255 ----> Allowing IP
> access-list 101 permit tcp any 192.168.0.0 0.0.0.255 established ----> Allowing established TCP traffic
> access-list 101 permit udp any 192.168.0.0 0.0.0.255 gt 1023 ----> Allowing DNS replies
> access-list 101 permit icmp any any echo-reply ----> Allow ping reply
>
> David Eitel

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1724&t=1718
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
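To make the first-match behaviour of the ACL concrete, here is a small Python evaluator that runs David's access-list as posted, and a tightened variant of my own, against a handful of constructed packets. This is an added example, not code from the thread or from Cisco: the 10.0.0.x addresses and the packets are made up, the tightened ACL is my own suggestion rather than anything proposed on the list, and the model only covers the syntax the post uses (any/wildcard addresses, eq/gt/lt port operators, `established`, ICMP type keywords) plus the implicit deny that ends every IOS access-list.

```python
"""Added example (not from the thread): run a Cisco extended ACL against sample packets.
Models the IOS syntax the post uses, eq/gt/lt ports, and the implicit deny at the end."""
from dataclasses import dataclass
from ipaddress import IPv4Address
# The ACL as posted (192.168.0.0/24 is the protected segment).
ORIGINAL_ACL = """
access-list 101 permit ip any 192.168.0.0 0.0.0.255
access-list 101 permit tcp any 192.168.0.0 0.0.0.255 established
access-list 101 permit udp any 192.168.0.0 0.0.0.255 gt 1023
access-list 101 permit icmp any any echo-reply
"""
# My own tightened version (an assumption, not from the thread): no blanket 'permit ip',
# DNS replies keyed on source port 53 plus the client's ephemeral port, traceroute ICMP.
TIGHTENED_ACL = """
access-list 101 permit tcp any 192.168.0.0 0.0.0.255 established
access-list 101 permit udp any eq 53 192.168.0.0 0.0.0.255 gt 1023
access-list 101 permit icmp any 192.168.0.0 0.0.0.255 echo-reply
access-list 101 permit icmp any 192.168.0.0 0.0.0.255 time-exceeded
access-list 101 permit icmp any 192.168.0.0 0.0.0.255 port-unreachable
"""
@dataclass
class Packet:
    proto: str              # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    ack: bool = False       # ACK or RST bit set, which is what 'established' tests
    icmp_type: str = ""     # IOS keyword such as "echo-reply"
def _parse_addr(t, i):
    """'any' or 'ADDR WILDCARD' -> ((addr, wildcard) as ints, next token index)."""
    if t[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    return (int(IPv4Address(t[i])), int(IPv4Address(t[i + 1]))), i + 2
def _parse_port(t, i):
    """Optional eq/gt/lt operator after an address; None when absent."""
    if i < len(t) and t[i] in ("eq", "gt", "lt"):
        return (t[i], int(t[i + 1])), i + 2
    return None, i
def parse_acl(text):
    """One dict per line, kept in order because IOS stops at the first match."""
    rules = []
    for line in text.strip().splitlines():
        t = line.split()
        if not t or t[0] != "access-list":
            continue
        proto, ports = t[3], t[3] in ("tcp", "udp")
        src, i = _parse_addr(t, 4)
        sport, i = _parse_port(t, i) if ports else (None, i)
        dst, i = _parse_addr(t, i)
        dport, i = _parse_port(t, i) if ports else (None, i)
        rest = t[i:]
        rules.append(dict(action=t[2], proto=proto, src=src, sport=sport, dst=dst,
                          dport=dport, established="established" in rest,
                          icmp_type=rest[0] if proto == "icmp" and rest else ""))
    return rules
def _addr_match(spec, ip):
    addr, wild = spec
    keep = ~wild & 0xFFFFFFFF            # wildcard 1-bits are "don't care"
    return (int(IPv4Address(ip)) & keep) == (addr & keep)
def _port_match(spec, port):
    if spec is None:
        return True
    op, n = spec
    return {"eq": port == n, "gt": port > n, "lt": port < n}[op]
def _rule_match(r, p):
    if r["proto"] not in ("ip", p.proto):
        return False
    if not (_addr_match(r["src"], p.src) and _addr_match(r["dst"], p.dst)):
        return False
    if not (_port_match(r["sport"], p.sport) and _port_match(r["dport"], p.dport)):
        return False
    if r["established"] and not p.ack:
        return False
    return not r["icmp_type"] or r["icmp_type"] == p.icmp_type
def evaluate(rules, p):
    """(action, index of the matching line); index None means the implicit deny."""
    for idx, r in enumerate(rules):
        if _rule_match(r, p):
            return r["action"], idx
    return "deny", None

# Constructed inbound packets toward the segment (not captured traffic).
SAMPLE_PACKETS = {
    "dns_reply": Packet("udp", "10.0.0.53", "192.168.0.10", 53, 33000),
    "udp_unsolicited_high_port": Packet("udp", "10.0.0.9", "192.168.0.10", 4444, 2049),
    "telnet_reply": Packet("tcp", "10.0.0.9", "192.168.0.10", 23, 40000, ack=True),
    "telnet_inbound_syn": Packet("tcp", "10.0.0.9", "192.168.0.10", 5000, 23),
    "ftp_active_data_syn": Packet("tcp", "10.0.0.21", "192.168.0.10", 20, 40001),
    "ping_reply": Packet("icmp", "10.0.0.9", "192.168.0.10", icmp_type="echo-reply"),
    "traceroute_time_exceeded": Packet("icmp", "10.0.0.1", "192.168.0.10", icmp_type="time-exceeded"),
    "traceroute_port_unreachable": Packet("icmp", "10.0.0.77", "192.168.0.10", icmp_type="port-unreachable"),
}
def audit(acl_text):
    """Decision per sample packet, plus line indexes no sample ever reaches (shadowed)."""
    rules = parse_acl(acl_text)
    verdicts = {name: evaluate(rules, p) for name, p in SAMPLE_PACKETS.items()}
    hit = {idx for _, idx in verdicts.values()}
    return verdicts, [i for i in range(len(rules)) if i not in hit]
```

With the ACL as posted, every sample packet is permitted by the first line and lines 2 to 4 never see a packet: `permit ip any 192.168.0.0 0.0.0.255` already lets everything through, including an inbound telnet SYN and an unsolicited UDP datagram to a high port. In the tightened version a DNS reply still passes because it arrives from source port 53 to the client's ephemeral port above 1023, while UDP from any other source port to a high port hits the implicit deny. One caveat the evaluator makes visible: active-mode FTP opens the data connection from the server's port 20 towards the client, and that is a fresh SYN without the ACK bit, so `established` will not match it; with this ACL the clients need passive mode or an explicit rule for the data channel.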
