https://community.cisco.com/t5/network-security/http-access-via-pix/m-p/49522#M728745 <HTML><HEAD></HEAD><BODY><P>I am trying to access using the IP address....do I still need the DNS entry in the ACL??</P></BODY></HTML> Mon, 29 Apr 2002 15:34:04 GMT gcumarasamy 2002-04-29T15:34:04Z https://community.cisco.com/t5/network-security/http-access-via-pix/m-p/49520#M728739 <P>I am trying to config my PIX 501 OS 6.1(1) to allow only http traffic to go out with the following acl and applied to the inside interface.</P><P></P><P>access-list acl_in permit tcp x.x.x.x x.x.x.x eq www any</P><P></P><P>access-group acl_in in interface inside.</P><P></P><P>Once I apply this acl, I can't seem to get to any websites. Am I doing anything wrong here or missing any acl entries?????</P><P></P><P>Thanks for your help in advance.</P><P></P> Fri, 21 Feb 2020 06:02:34 GMT https://community.cisco.com/t5/network-security/http-access-via-pix/m-p/49520#M728739 gcumarasamy 2020-02-21T06:02:34Z https://community.cisco.com/t5/network-security/http-access-via-pix/m-p/49521#M728742 <HTML><HEAD></HEAD><BODY><P>have u allowed ur dns queries out of ur inside LAN, if u have a DNS server </P><P>outside.(not in inside LAN). if not u can add an entry as below and check if it works.</P><P></P><P>access-list acl_in permit udp any eq domain any</P><P></P><P>Regards,</P><P>Ashok Pawar H.S.</P></BODY></HTML> Mon, 29 Apr 2002 03:09:22 GMT https://community.cisco.com/t5/network-security/http-access-via-pix/m-p/49521#M728742 ashokpawar 2002-04-29T03:09:22Z https://community.cisco.com/t5/network-security/http-access-via-pix/m-p/49522#M728745 <HTML><HEAD></HEAD><BODY><P>I am trying to access using the IP address....do I still need the DNS entry in the ACL??</P></BODY></HTML> Mon, 29 Apr 2002 15:34:04 GMT https://community.cisco.com/t5/network-security/http-access-via-pix/m-p/49522#M728745 gcumarasamy 2002-04-29T15:34:04Z https://community.cisco.com/t5/network-security/http-access-via-pix/m-p/49523#M728746 <HTML><HEAD></HEAD><BODY><P> Do you have NAT set up and a outside route?</P></BODY></HTML> Mon, 29 Apr 2002 17:20:34 GMT https://community.cisco.com/t5/network-security/http-access-via-pix/m-p/49523#M728746 e-see 2002-04-29T17:20:34Z https://community.cisco.com/t5/network-security/http-access-via-pix/m-p/49524#M728749 <HTML><HEAD></HEAD><BODY><P>Yes, I do have a NAT/Global setup as follows:</P><P></P><P>nat (inside) 1 192.168.1.0 255.255.255.0</P><P>global (outside) 1 interface.</P><P></P><P>I don't have any outside route other than the default ststic route that was created during the initial setup.</P><P></P><P>thanks........</P></BODY></HTML> Tue, 30 Apr 2002 00:45:32 GMT https://community.cisco.com/t5/network-security/http-access-via-pix/m-p/49524#M728749 gcumarasamy 2002-04-30T00:45:32Z https://community.cisco.com/t5/network-security/http-access-via-pix/m-p/49525#M728750 <HTML><HEAD></HEAD><BODY><P>You need to allow DNS to pass through unless you are using an internal DNS. </P></BODY></HTML> Tue, 30 Apr 2002 10:38:09 GMT https://community.cisco.com/t5/network-security/http-access-via-pix/m-p/49525#M728750 mike 2002-04-30T10:38:09Z https://community.cisco.com/t5/network-security/http-access-via-pix/m-p/49526#M728753 <HTML><HEAD></HEAD><BODY><P>First, I strongly recommend that you sit down and think about what you're trying to accomplish. As was mentioned, DNS will almost certainly be required for most web applications and services. You may want other services as well.</P><P></P><P>Second, unless I'm missing something, I believe that your access list is incorrect. Try something like:</P><P></P><P>access-list acl_in permit tcp x.x.x.x x.x.x.x any eq www </P><P></P><P>The destination port is 80. I believe that you have specified it as the source port.</P><P></P><P>Hope this helps.</P></BODY></HTML> Tue, 30 Apr 2002 14:04:11 GMT https://community.cisco.com/t5/network-security/http-access-via-pix/m-p/49526#M728753 mklaphek 2002-04-30T14:04:11Z