TOPIC: access-list on inside interface trouble

access-list on inside interface trouble 10 years 11 months ago #10972

gl1d33 (New Member, Posts: 1, Karma: 0)
I have a PIX version 7 with the following config
access-list allow_from_inside permit tcp 192.168.10.0 255.255.255.0 any eq www
access-list allow_from_inside deny ip any any
access-group allow_from_inside in interface inside
nat (inside) 1 192.168.10.0 255.255.255.0
global (outside) 1 192.168.100.250

When I apply the following access-list on the inside interface, I cannot access the internet. Any idea why?

Re: access-list on inside interface trouble 10 years 10 months ago #11091

You have forgotten to add another access rule to allow DNS resolution, as follows:

access-list allow_from_inside permit udp 192.168.10.0 255.255.255.0 any eq 53

Hope this fixes the issue.


Regards,
Rahul Pathania...!!!
Empowering the Internet generation

Re: access-list on inside interface trouble 10 years 10 months ago #11119

RedRanger (Distinguished Member, Posts: 136, Karma: 0)
O lord, ACLs. I am so sick of those. I had to do a whole bunch of those in CCNA 2.
RedRanger

"I'd Rather You Hate Me For Everything I Am Than Love Me For Something I'm Not."

Be Awesome

Re: access-list on inside interface trouble 10 years 10 months ago #11155

sahirh (Honored Member, Posts: 1700, Karma: 0)
I would suggest you specifically allow DNS traffic *ONLY* to your DNS server... that's a better written firewall rule, otherwise you've got a bit of a loophole going there.

In other words, provide the DNS server address in the permit rule.

Cheers,
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
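As an added illustration (not code from any poster in this thread): a small Python first-match evaluator that replays the three inside access-lists discussed above against a few constructed outbound flows. The client address 192.168.10.20, the web server 198.51.100.80 and the resolver address 203.0.113.53 are placeholders chosen for the example; the thread does not name a DNS server. The evaluator also models the PIX implicit deny at the end of every ACL and shows what happens when the DNS permit is appended below `deny ip any any` instead of above it.

```python
"""Replay PIX-style inside access-lists against sample outbound flows.

First-match evaluation with the implicit deny at the end of every ACL.
All client, server and resolver addresses below are constructed placeholders.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ANY = ipaddress.IPv4Network("0.0.0.0/0")
PORT_NAMES = {"www": 80, "domain": 53}   # PIX port keywords used in this example


@dataclass(frozen=True)
class Ace:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp" or "ip" ("ip" matches any protocol)
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]         # None: any destination port


@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    dst: str
    dport: int


def _network(t: List[str], i: int) -> Tuple[ipaddress.IPv4Network, int]:
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D MASK' at t[i]; return (net, next index)."""
    if t[i] == "any":
        return ANY, i + 1
    if t[i] == "host":
        return ipaddress.IPv4Network(f"{t[i + 1]}/32"), i + 2
    return ipaddress.IPv4Network(f"{t[i]}/{t[i + 1]}"), i + 2   # dotted-netmask form


def parse_ace(line: str) -> Ace:
    """Parse 'access-list NAME permit|deny PROTO SRC DST [eq PORT]'."""
    t = line.split()
    if t[0] != "access-list" or t[2] not in ("permit", "deny"):
        raise ValueError(f"not an access-list entry: {line!r}")
    src, i = _network(t, 4)
    dst, i = _network(t, i)
    dport = None
    if i < len(t) and t[i] == "eq":
        dport = PORT_NAMES[t[i + 1]] if t[i + 1] in PORT_NAMES else int(t[i + 1])
    return Ace(t[2], t[3], src, dst, dport)


def evaluate(acl: List[Ace], flow: Flow) -> str:
    """Return the action of the first matching entry, or the implicit deny."""
    src, dst = ipaddress.IPv4Address(flow.src), ipaddress.IPv4Address(flow.dst)
    for ace in acl:
        if ace.proto not in ("ip", flow.proto):
            continue
        if src not in ace.src or dst not in ace.dst:
            continue
        if ace.dport is not None and ace.dport != flow.dport:
            continue
        return ace.action
    return "deny"   # nothing matched: PIX implicit deny


def build(*lines: str) -> List[Ace]:
    return [parse_ace(line) for line in lines]


NET = "192.168.10.0 255.255.255.0"
DNS_SERVER = "203.0.113.53"     # assumed resolver address, not given in the thread
HTTP_RULE = f"access-list allow_from_inside permit tcp {NET} any eq www"
DENY_ALL = "access-list allow_from_inside deny ip any any"

ORIGINAL = build(HTTP_RULE, DENY_ALL)                     # as posted by gl1d33
BROAD_DNS = build(HTTP_RULE,                              # Rahul's fix: DNS to anywhere
                  f"access-list allow_from_inside permit udp {NET} any eq 53", DENY_ALL)
NARROW_DNS = build(HTTP_RULE,                             # Sahir's refinement: resolver only
                   f"access-list allow_from_inside permit udp {NET} host {DNS_SERVER} eq 53",
                   DENY_ALL)
APPENDED_DNS = build(HTTP_RULE, DENY_ALL,                 # permit appended below the deny
                     f"access-list allow_from_inside permit udp {NET} any eq 53")

# Constructed outbound flows from one inside client.
FLOWS: Dict[str, Flow] = {
    "http": Flow("tcp", "192.168.10.20", "198.51.100.80", 80),
    "https": Flow("tcp", "192.168.10.20", "198.51.100.80", 443),
    "dns_to_resolver": Flow("udp", "192.168.10.20", DNS_SERVER, 53),
    "dns_elsewhere": Flow("udp", "192.168.10.20", "198.51.100.9", 53),
}


def decisions(acl: List[Ace]) -> Dict[str, str]:
    return {name: evaluate(acl, flow) for name, flow in FLOWS.items()}


if __name__ == "__main__":
    for label, acl in [("original", ORIGINAL), ("dns to any", BROAD_DNS),
                       ("dns to resolver only", NARROW_DNS), ("dns appended", APPENDED_DNS)]:
        print(f"{label:22} {decisions(acl)}")
```

Two things the replay makes visible. The posted ACL permits only TCP/80, so every UDP/53 lookup falls through to `deny ip any any` and name resolution fails before any HTTP request is made (HTTPS on 443 is blocked by the same ACL). And because evaluation is first-match, the DNS permit only helps if it sits above the final deny: on PIX 7 a plain `access-list` line is appended to the end of the list, so either insert the permit above the deny or remove and re-add the deny after it. The inside ACL only governs connections initiated from the inside; the firewall's stateful inspection admits the matching DNS replies without an extra rule on the outside interface.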