Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Permit Established ? does it work?

Reply
Thread Tools

Permit Established ? does it work?

 
 
Mike Gallagher
Guest
Posts: n/a
 
      12-20-2003
I'm going to bet this is a DNS problem. You don't have any lines in your
acl for udp 53. Add:

access-list 102 permit udp any eq 53 any

Mike

"Graeme" <(E-Mail Removed)> wrote in message
news:3fe349e8$0$39048$(E-Mail Removed) ...
> Rick,
>
> I can ping both URLs and IPs from ther connected PC through the router but
> not surf the web?
>
> Is this right?
>
> Graeme.
>
>



 
Reply With Quote
 
 
 
 
Barry Margolin
Guest
Posts: n/a
 
      12-20-2003
In article <3fe34385$0$37275$(E-Mail Removed)>,
"Graeme" <(E-Mail Removed)> wrote:

> This ACL should allow a pc connected to the router to browse the web? is
> that right? Why can i ping but not browse the web?
>
> When i apply this list [ip access-group 102 in] to the S0 (external
> interface) i can't browse!!! when i remove the list i can browse but my NO
> NAT config is wide open..!
> !
> !
> access-list 102 permit tcp any any established
> access-list 102 permit tcp any any eq telnet
> access-list 102 permit icmp any any
> !
> ps. i've also tried this:
>
> access-list 102 permit tcp 0.0.0.0 255.255.255.255 xx.xx.xx.0 0.0.0.255
> established


Your ACL doesn't allow DNS responses back in. DNS normally uses UDP, so
you need something like:

access-list 102 permit udp host <DNS-server-IP> eq domain any

This assumes you have the machines on your LAN configured to use your
ISP's DNS server. If you run your own DNS server, it should be:

access-list 102 permit udp any eq domain host <DNS-server-IP> gt 1023

But since you're NATting, and this ACL is applied before NAT is done,
and I'm guessing you don't have a static translation for the DNS server,
you may need it to be:

access-list 102 permit udp any eq domain any gt 1023

--
Barry Margolin, http://www.velocityreviews.com/forums/(E-Mail Removed)
Arlington, MA
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ACL: Does "permit IP" allow ICMP traffic like pings? chartscharts@yahoo.com Cisco 3 01-05-2007 02:54 PM
Traffic Does Not Flow After the Tunnel Is Established in pix to pix vpn iam23m Cisco 0 10-27-2006 01:50 AM
Wireless link not established until user logins on Windows 2000 Server Rob Nicholson Wireless Networking 2 11-29-2005 07:16 PM
12016/GRP sending LCP reconfigs on established Multilink PPP session John Hardin Cisco 1 11-10-2004 05:57 PM
No local LAN while PIX VPN established. just1coder Cisco 1 10-14-2004 07:52 PM



Advertisments