Hi guys.
I have some problem with my access-list configuration. My access-list config
is as stated below:
ethernet 0/0
ip access-group 101 out
access-list 101 deny tcp any any eq www
My branch office connected to HQ thru leased-line and they get their
internet access thru HQ(HQ has 1
Hi
There is an explicit deny any any invisible at the end of each access list.
You are denying all traffic.
Try something like:
access-list 101 deny tcp any any eq www
access-list 101 permit ip any any
norsyam ariffin wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Hi guys.
If that is your entire access list then you are missing some permit
statements. Remember that there is an implicit deny all at the end of
an access list, so in your case you are denying everything. Add the
necessary permit statements and all should be well.
HTH,
John
norsyam ariffin 9/19/01
Looks like you probably want to change to ip access-group 101 in on your
ethernet as well, if you are trying to block users on your ethernet
interface, otherwise, you're just stopping people outside browsing web
servers on your network.
Gaz
John Neiberger wrote in message
[EMAIL
Being a somewhat paranoid fellow, have u thought about permitting the mail
retrieval port and blocking all else??
Brian Sonic Whalen
Success = Preparation + Opportunity
On Wed, 19 Sep 2001, Antonio Del Grosso wrote:
Hi
There is an explicit deny any any invisible at the end of each access
5 matches
Mail list logo