RE: cisco access-lists

Thu, 24 Aug 2000 12:07:46 -0700 

First I would get rid of most (if not all) of the "any any" statements.  Try
making the first line something like

access-list 103 permit tcp any x.x.x.x (your IP range) established

That should allow connections made from your internal network to pass data back.
Just a thought.

-Jon

> -----Original Message-----
> From: Justin Tamakawa [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, August 24, 2000 12:10 PM
> To:   '[EMAIL PROTECTED]'
> Subject:      cisco access-lists
> 
> I'm having a problem with my access-list for my cisco router.  Let me give you
> my exact acess-list : 
>  
> access-list 103 permit tcp any any eq 80 (Web)
> access-list 103 permit tcp any any eq 443 (secure web(cybercash, kmart, etc))
> access-list 103 permit tcp any any eq 25 (SMTP)
> access-list 103 permit tcp any any eq 21 (FTP)
> access-list 103 permit tcp any any eq 23 (Telnet)
> access-list 103 permit tcp any any eq 5190 (AIM)
> access-list 103 permit tcp any any eq 7070 (Realaudio)
> access-list 103 permit tcp any any eq 53 (DNS)
> access-list 103 permit ip 216.*.*.* 0.0.0.0 any 
> access-list 103 permit ip 216.*.*.* 156 0.0.0.0 any 
> access-list 103 permit ip 63.*.*.* 0.0.0.0 any 
> access-list 103 permit tcp any any eq 106
> access-list 103 permit udp any any eq 106
> access-list 103 permit tcp any any eq 109
> access-list 103 permit udp any any eq 109
> access-list 103 permit tcp any any eq 110
> access-list 103 permit udp any any eq 110
> access-list 103 permit tcp any any eq 554
> access-list 103 permit tcp any any eq 7070
> access-list 103 permit tcp any any eq 8080
> access-list 103 permit tcp any any eq 9090
> access-list 103 permit tcp any any eq 8181
>  
> Of Course what is in the parenthesis is not included in the list.  For some
> reason, the workers in my LAN don't have access to the www, among other
> things.  What am I doing wrong?  I am allowing tcp port 80, from anywhere to
> anywhere, so I can't see what the problem is.  Oh - by the way, this is on my
> line coming in the the web.
> Any help is definitely appreciated!
>  
> Thanks a MILLION,
>  
> Justin

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to