Hi
There is an explicit deny any any invisible at the end of each access list.
You are denying all traffic.
Try something like:
access-list 101 deny tcp any any eq www
access-list 101 permit ip any any
""norsyam ariffin"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi guys.
>
> I have some problem with my access-list configuration. My access-list
config
> is as stated below:
>
> ethernet 0/0
> ip access-group 101 out
>
> access-list 101 deny tcp any any eq www
>
> My branch office connected to HQ thru leased-line and they get their
> internet access thru HQ(HQ has 1 leased-line to ISP) and also they get
their
> email from our email server at HQ. What I'm trying to do is to block
> internet access from my branch office but will allow email access. But
> referring to the above config, I manage to block the internet access but
> unfortunately the email access has been blocked.
>
> Do I need to add anything to my access-lists config?
>
>
> Thanks in advance
>
>
>
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=20380&t=20374
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
