[c-nsp] Access List Problem
Paul Stewart
pauls at nexicom.net
Thu Oct 21 14:22:23 EDT 2004
We are trying to filter traffic using a basic access list on an
interface (6509 Catalyst Native IOS).
Here's the interface config:
interface FastEthernet4/41
description XXXXXXXXXXX
ip address XXXXXXXXXX 255.255.255.248
ip access-group 120 out
logging event link-status
logging event bundle-status
speed 100
duplex full
no cdp enable
And the access list:
access-list 120 permit tcp any any established
access-list 120 permit tcp any host XXXXXXXXXX eq www
access-list 120 permit tcp any host XXXXXXXXXX eq 1002
access-list 120 permit tcp any host XXXXXXXXXX eq 3389
access-list 120 permit tcp any host XXXXXXXXXX eq 443
access-list 120 deny ip any any log
The traffic coming in from the Internet is filtered and only the 4 ports
work fine. No issues with that.
Now, if I'm sitting on the server I can't surf or anything to the
outside world... something we need to do...
What am I missing here? I've tried an access list 121 applied opposite
that is "permit ip any any" but no difference... I thought the
"established" statement would look after my needs...??
Thanks,
Paul
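To make the `established` question concrete, here is an added example that is not part of Paul's post or any Cisco code: a small Python model of how a numbered extended ACL is evaluated on packets leaving the router toward the server (the only direction `ip access-group 120 out` on Fa4/41 ever sees). It follows the documented IOS rules in simplified form: entries are tried top to bottom, first match wins, `established` matches only TCP segments with ACK or RST set, and anything unmatched reaches the final `deny ip any any`. The server address 192.0.2.10 and the sample packets are constructed stand-ins for the masked addresses in the post.

```python
# Added example (not from the cisco-nsp post): simplified model of IOS
# extended-ACL evaluation for access-list 120 applied 'out' toward a server.
# Approximation of IOS semantics, not Cisco code: first match wins,
# 'established' means TCP with ACK or RST set, final entry denies the rest.
from dataclasses import dataclass, field

SERVER = "192.0.2.10"   # assumed: stands in for the masked XXXXXXXXXX host


@dataclass(frozen=True)
class Packet:
    proto: str                     # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    flags: frozenset = field(default_factory=frozenset)   # TCP flag names


@dataclass(frozen=True)
class Entry:
    action: str                    # "permit" or "deny"
    proto: str                     # "tcp", "udp", "icmp" or "ip"
    dst: str = "any"               # "any" or one host address
    dport: int = 0                 # 0 means any destination port
    established: bool = False      # IOS 'established' keyword (TCP only)

    def matches(self, p: Packet) -> bool:
        if self.proto != "ip" and self.proto != p.proto:
            return False
        if self.dst != "any" and self.dst != p.dst:
            return False
        if self.dport and self.dport != p.dport:
            return False
        if self.established and not (p.proto == "tcp" and p.flags & {"ACK", "RST"}):
            return False
        return True


# access-list 120 exactly as posted, with SERVER in place of the masked host
ACL_120 = [
    Entry("permit", "tcp", established=True),     # permit tcp any any established
    Entry("permit", "tcp", SERVER, 80),           # eq www
    Entry("permit", "tcp", SERVER, 1002),
    Entry("permit", "tcp", SERVER, 3389),
    Entry("permit", "tcp", SERVER, 443),
    Entry("deny", "ip"),                          # deny ip any any log
]


def evaluate(acl, pkt):
    """Return (action, entry_index) for the first entry matching pkt."""
    for i, e in enumerate(acl):
        if e.matches(pkt):
            return e.action, i
    return "deny", len(acl)        # implicit deny if no explicit last entry


def classify_outbound_to_server():
    """Run constructed router->server packets through ACL 120 'out'."""
    pkts = {
        # Internet client opening a connection to the web server (new SYN)
        "client SYN to :80": Packet("tcp", "198.51.100.7", SERVER, 51000, 80, frozenset({"SYN"})),
        # Internet client to a port not in the list
        "client SYN to :22": Packet("tcp", "198.51.100.7", SERVER, 51001, 22, frozenset({"SYN"})),
        # Reply to a connection the server opened outward: ACK set, so 'established'
        "SYN/ACK back to server": Packet("tcp", "203.0.113.5", SERVER, 80, 40000, frozenset({"SYN", "ACK"})),
        # DNS answer to a query the server sent: UDP has no 'established' notion
        "DNS reply to server": Packet("udp", "203.0.113.53", SERVER, 53, 33000),
        # ICMP echo reply to the server
        "ping reply to server": Packet("icmp", "203.0.113.5", SERVER),
    }
    return {name: evaluate(ACL_120, p) for name, p in pkts.items()}


if __name__ == "__main__":
    for name, (action, idx) in classify_outbound_to_server().items():
        print(f"{name:24s} -> {action} (entry {idx + 1})")
```

The model shows what `established` buys you: TCP replies to connections the server initiates are caught by the first line, but anything that is not TCP (a UDP DNS reply, an ICMP echo reply) has no ACK bit to test and falls through to `deny ip any any`. The post does not say which lookups the server's browsing depends on, so the example only classifies the packet types; the `log` keyword on the final line is where a practitioner would look to see which of them is actually being dropped.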