RE: Access list problem [7:9939]

Tue, 26 Jun 2001 17:46:59 -0700 

If you are trying to let everyone out to surf the web, and assuming that you
ACL is applied to inbound traffic on your internet facing interface.  You
are missing a rule to allow established tcp sessions back in:
permit tcp any any eq estab
Since this will probably be the rule that gets the most matches I would
place it as rule 1.  Let me know if this works for you.

______________________________

Thomas Crowe
Technical Director
Research & Development
CTS - Atlanta
Phone: 770-664-3900 ext 45
______________________________

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
John Brandis
Sent: Tuesday, June 26, 2001 4:26 AM
To: [EMAIL PROTECTED]
Subject: Access list problem [7:9939]


Hi All,

I thought I was on top of access lists, until today. When ever I apply
this particualr access list in IOS 11.2 , nothing on the network can
view internet pages. They can ping no problem but nothing else. Please
advise if you can, on which line the error is.
Thanks all, I appreciate it.

Extended IP access list 110
    deny   tcp any any eq 139
    permit udp any any eq domain
    permit tcp any any eq domain
    permit icmp any any
    permit tcp any host 203.111.42.200 eq ftp-data
    permit tcp any host 203.111.42.200 eq ftp
    permit tcp any host 203.111.42.200 eq 22
    permit tcp any host 203.111.42.204 eq ftp-data
    permit tcp any host 203.111.42.204 eq ftp
    permit tcp any host 203.111.42.204 eq www
    permit tcp any host 203.111.42.204 eq 3389
    permit tcp any host 203.111.42.215 eq smtp
    permit tcp any host 203.111.42.215 eq www
    permit tcp any host 203.111.42.215 eq 3389
    permit ip host 203.111.42.224 any
    permit ip host 203.111.42.225 any
    permit ip host 203.111.42.226 any

[GroupStudy.com removed an attachment of type text/x-vcard which had a name
of Thomas Crowe.vcf]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=10049&t=9939
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to