Your syntax is wrong. You are permitting IP protocols 80, 21, 23 and 53 - NOT ports 80, 21, 23 and 53.
The correct syntax would be: access-list 101 permit tcp any any eq www access-list 101 permit tcp any any eq telnet access-list 101 permit tcp any any eq ftp access-list 101 permit tcp any any eq domain access-list 101 permit icmp any any Hth, Ole ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Ole Drews Jensen Systems Network Manager CCNP, MCSE, MCP+I RWR Enterprises, Inc. [EMAIL PROTECTED] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ http://www.RouterChief.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ NEED A JOB ??? http://www.oledrews.com/job ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -----Original Message----- From: NetEng [mailto:[EMAIL PROTECTED]] Sent: Friday, February 22, 2002 12:39 PM To: [EMAIL PROTECTED] Subject: simple access-lists question [7:36240] Why is this simple task beating me? I have a router with 2eth. that separates my lab from the corporate network. I would like web/ftp/telnet access from the lab to the world and back. I created an access list and applied it to my lab's ethernet int. This is the list. Am I missing something? access-list 101 permit 80 any any access-list 101 permit 21 any any access-list 101 permit 23 any any access-list 101 permit 53 any any access-list 101 permit icmp any any ip access-group 101 out (on ethernet of lab side) TIA. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=36251&t=36240 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]