Looks like you probably want to change to "ip access-group 101 in" on your
ethernet as well, if you are trying to block users on your ethernet
interface, otherwise, you're just stopping people outside browsing web
servers on your network.
Gaz
""John Neiberger"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> If that is your entire access list then you are missing some permit
> statements. Remember that there is an implicit "deny all" at the end of
> an access list, so in your case you are denying everything. Add the
> necessary permit statements and all should be well.
>
> HTH,
> John
>
> >>> "norsyam ariffin" 9/19/01 4:31:59 AM >>>
> Hi guys.
>
> I have some problem with my access-list configuration. My access-list
> config
> is as stated below:
>
> ethernet 0/0
> ip access-group 101 out
>
> access-list 101 deny tcp any any eq www
>
> My branch office connected to HQ thru leased-line and they get their
> internet access thru HQ(HQ has 1 leased-line to ISP) and also they get
> their
> email from our email server at HQ. What I'm trying to do is to block
> internet access from my branch office but will allow email access. But
>
> referring to the above config, I manage to block the internet access
> but
> unfortunately the email access has been blocked.
>
> Do I need to add anything to my access-lists config?
>
>
> Thanks in advance
>
>
>
> _________________________________________________________________
> Get your FREE download of MSN Explorer at
> http://explorer.msn.com/intl.asp
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=20424&t=20374
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
