Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1323
Views
0
Helpful
2
Replies

telnet <servername> 80

Go to solution
S Prvr
Level 1
Level 1

‎06-09-2017 08:07 AM - edited ‎03-05-2019 08:41 AM

Hi All,

I am having trouble to go out from port 80 in my router. With ACL:public-interface-in, I cannot do telnet www.google.com 80. When I remove ACL, it is working. What else am I missing here ?

Thank you in advance,

interface GigabitEthernet0/0
 ip address xx.xx.xx.99 255.255.255.224
 ip access-group public-interface-in in
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 no cdp enable


ip nat inside source list 23 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 xx.xx.xx.97 <----- this is my default gateway

ip access-list extended public-interface-in
 permit icmp any any
 permit tcp any any eq www
 permit tcp any any eq 22
 permit udp any any eq domain
 permit udp any eq domain any


access-list 23 permit 10.0.0.0 0.255.255.255

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Iulian Vaideanu
Level 4
Level 4

‎06-09-2017 08:28 AM

The way it is used that ACL would allow anyone outside to ping your network, to "telnet to" port 80 open on your network, to "telnet to" port 22 open on your network and to DNS-query your network, and allow your network to receive DNS replies.

Everything else coming from outside is denied, including return packets for your "telnet google.com 80" - an additional "permit tcp any eq www any" should allow you to do that.

It's all about where the "eq" is placed (matching source port or destination port), combined with the direction the ACL is applied on the interface (in our out)...

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Iulian Vaideanu
Level 4
Level 4

‎06-09-2017 08:28 AM

The way it is used that ACL would allow anyone outside to ping your network, to "telnet to" port 80 open on your network, to "telnet to" port 22 open on your network and to DNS-query your network, and allow your network to receive DNS replies.

Everything else coming from outside is denied, including return packets for your "telnet google.com 80" - an additional "permit tcp any eq www any" should allow you to do that.

It's all about where the "eq" is placed (matching source port or destination port), combined with the direction the ACL is applied on the interface (in our out)...

0 Helpful

Go to solution
S Prvr
Level 1
Level 1

‎06-09-2017 10:33 AM

that was it! thank you :)

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card