Access list not allowing internet access

ttidris
Level 1

Please, I have the following access list configured and it does not allow internet access.

4 Replies 4

spremkumar
Level 9

Hi TOLULOPE

Can you post your configuration over here so that the same can be verified?

regds

This is the configuration, thanks.

Using 2073 out of 129016 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
no logging console
enable password xxx
!
ip subnet-zero
!
!
ip name-server 38.x.x.2
!
ip dhcp pool TELNET
 network 192.168.0.0 255.255.255.0
 default-router 192.168.0.13
 dns-server 38.x.x.2
 lease 5
!
ip inspect audit-trail
ip inspect name telnet http
ip inspect name telnet udp
ip inspect name telnet smtp
ip inspect name telnet tcp
ip inspect name telnet cuseeme
ip audit notify log
ip audit po max-events 100
!
call rsvp-sync
!
!
!
!
!
!
controller E1 0/0
!
controller E1 0/1
!
controller E1 0/2
!
controller E1 0/3
!
!
!
interface FastEthernet0/0
 no ip address
 ip access-group 150 in
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet2/0
 ip address 192.168.0.13 255.255.255.0
 ip access-group office in
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet2/1
 ip address 62.173.x.x.255.255.192
 ip access-group telnet in
 ip nat outside
 ip inspect telnet out
 duplex auto
 speed auto
!
ip nat translation timeout 1200
ip nat inside source list 1 interface FastEthernet2/1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet2/1
no ip http server
!
!
ip access-list extended office
 permit tcp any any eq smtp
 permit udp any any eq domain
 permit icmp any any
 permit tcp any any eq ftp
 deny tcp any any eq 5061
 deny tcp any any eq 5050
 permit tcp any host 192.168.0.13 eq telnet
 permit udp any any eq bootpc
 permit udp any any eq bootps
 permit tcp any any eq www
 permit tcp any any eq 443
ip access-list extended telnet
 permit icmp any any echo-reply
 deny ip any any
logging facility daemon
logging 192.168.0.90
access-list 1 permit 192.168.0.0 0.0.0.255
!
dial-peer cor custom
!
!
!
!
banner motd ^C
ask 4 ishaku's per^C
!
line con 0
 transport preferred none
 speed 115200
line aux 0
line vty 0 4
 password xxx
 login
 transport preferred none
!

chetankamra
Level 1

Hi

Can you please explain a bit more?

Like

1. Which Router/Firewall are you working

2. Inside/outside interface.

3. Access-list Config

4. Traffic flow

Etc...

Thanks

Chetan

I can't find anything wrong with your configuration. Did you check if the client is getting the correct DHCP configuration from the router?

If yes, remove the ACL on the inside interface and check if you see NAT translations by issuing the command:

show ip nat translations

Let me know what happens,
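
An offline companion to the checks suggested in the thread, as an added example that is not part of any reply: it evaluates the `office` ACL from the posted configuration with first-match semantics and the implicit deny that ends every IOS access list, against a few constructed inside-to-outside flows. The destination addresses and the helper names `parse` and `evaluate` are assumptions for illustration; source matching is omitted because every entry in this ACL uses `any`.

```python
# Added example: first-match evaluation of the "office" ACL (not from the thread).
PORTS = {"smtp": 25, "domain": 53, "ftp": 21, "telnet": 23,
         "bootpc": 68, "bootps": 67, "www": 80}   # IOS port keywords used below

# Entries copied from "ip access-list extended office" in the posted config.
OFFICE_ACL = """
permit tcp any any eq smtp
permit udp any any eq domain
permit icmp any any
permit tcp any any eq ftp
deny tcp any any eq 5061
deny tcp any any eq 5050
permit tcp any host 192.168.0.13 eq telnet
permit udp any any eq bootpc
permit udp any any eq bootps
permit tcp any any eq www
permit tcp any any eq 443
"""

def parse(acl_text):
    """Parse '<action> <proto> any <any|host IP> [eq PORT]' entries."""
    rules = []
    for line in acl_text.strip().splitlines():
        tok = line.split()
        action, proto = tok[0], tok[1]      # tok[2] is the source, always "any" here
        if tok[3] == "host":
            dst, rest = tok[4], tok[5:]
        else:
            dst, rest = None, tok[4:]       # None means "any" destination
        port = None
        if rest[:1] == ["eq"]:
            port = PORTS[rest[1]] if rest[1] in PORTS else int(rest[1])
        rules.append((action, proto, dst, port, line))
    return rules

def evaluate(rules, proto, dst_ip, dst_port=None):
    """Return (action, matching entry); the first matching entry wins."""
    for action, r_proto, r_dst, r_port, text in rules:
        if (r_proto in (proto, "ip") and r_dst in (None, dst_ip)
                and r_port in (None, dst_port)):
            return action, text
    return "deny", "implicit deny"          # every IOS ACL ends with deny ip any any

if __name__ == "__main__":
    rules = parse(OFFICE_ACL)
    # Constructed flows from an inside client; 203.0.113.x is a documentation range.
    for flow in [("udp", "203.0.113.53", 53), ("tcp", "203.0.113.53", 53),
                 ("tcp", "203.0.113.80", 443), ("tcp", "203.0.113.80", 8080)]:
        print(flow, "->", evaluate(rules, *flow))
```

Running it lists, per flow, the entry that decided the outcome, which helps separate traffic dropped by the inside ACL from traffic that never reaches NAT for other reasons.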