Being a somewhat paranoid fellow, have u thought about permitting the mail
retrieval port and blocking all else??
Brian "Sonic" Whalen
Success = Preparation + Opportunity
On Wed, 19 Sep 2001, Antonio Del Grosso wrote:
> Hi
>
> There is an explicit deny any any invisible at the end of each access list.
> You are denying all traffic.
>
> Try something like:
>
> access-list 101 deny tcp any any eq www
> access-list 101 permit ip any any
>
> ""norsyam ariffin"" wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Hi guys.
> >
> > I have some problem with my access-list configuration. My access-list
> config
> > is as stated below:
> >
> > ethernet 0/0
> > ip access-group 101 out
> >
> > access-list 101 deny tcp any any eq www
> >
> > My branch office connected to HQ thru leased-line and they get their
> > internet access thru HQ(HQ has 1 leased-line to ISP) and also they get
> their
> > email from our email server at HQ. What I'm trying to do is to block
> > internet access from my branch office but will allow email access. But
> > referring to the above config, I manage to block the internet access but
> > unfortunately the email access has been blocked.
> >
> > Do I need to add anything to my access-lists config?
> >
> >
> > Thanks in advance
> >
> >
> >
> > _________________________________________________________________
> > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=20456&t=20374
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
