
Unable to access internal web and exchange server from internet

alex.mastoris
Level 1

Last time I worked with routers was some time ago and I can't get my head around this. I recently purchased a Cisco 877 router and have my web server plugged directly into it. Clients are unable to access my web site or send emails to me. I have tried port forwarding etc. but nothing seems to work.

22 Replies

David

Thanks for posting this config. If it is working for you then it is a good point of comparison for Alexandros and perhaps others. While it will not match what he is trying to do in some aspects it is certainly not complete rubbish. Thanks for your continuing efforts to make helpful suggestions about this issue.

HTH

Rick

Guys everything is working fine. Got my access list together and seems to be working unlike before.

Thanks again guys outstanding job.

Hi Rick, I removed access-list 101 and did a shut / no shut and the problem has been resolved. I have tried to put together a new access-list to limit access, e.g. allow users to browse the web, send and receive mail from the exchange server, and allow external users to access my web server, yet when I apply the access list I go back to the original problem. Are you able to suggest what I am doing wrong with my access-list?

Alexandros

It seems that your access list is not permitting something that is necessary for the connections. Perhaps it might help if you post the new version of the access list.

But my basic suggestion is to have the last line of the access list be deny ip any any log. The log parameter will create syslog records which will show what is being denied. Look through the records and find what is being denied that is important to the connections. Frequently it turns out to be something like DNS. I note in the original version of your config that your access list was permitting UDP DNS but not TCP DNS. Depending on how you have set up your DNS, there is a possibility that something inside is attempting a DNS zone transfer to an external DNS with the server DNS records. The zone transfer is done with DNS on the TCP port. If it is not DNS then look at what is being denied that would prevent the connections.

HTH

Rick
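To show what the suggested deny ip any any log line would surface, here is an added example (not from the thread or from Cisco) that evaluates the posted access-list 101 with IOS first-match semantics against a few constructed outbound flows on Dialer0; isp.static.ip is the page's own placeholder for the NATed public address, and the 203.0.113.x addresses are RFC 5737 documentation addresses standing in for internet hosts. It shows that the web and Exchange servers' own replies (source port 80/25) and TCP DNS are the flows that fall through to the final deny.

```python
"""Evaluate the posted outbound ACL 101 against the flows a web/mail server creates.
Added example, not from the thread; it models only what the ACL uses (protocol and
'eq' ports), so the 'any any' address fields are not checked."""
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Ace:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp" or "ip" (ip matches every protocol)
    sport: Optional[int] = None  # 'eq' source port, None = any
    dport: Optional[int] = None  # 'eq' destination port, None = any

# access-list 101 as posted: www=80, smtp=25, domain=53, ntp=123
ACL_101 = [
    Ace("permit", "tcp", dport=80), Ace("permit", "tcp", dport=443),
    Ace("permit", "tcp", dport=25), Ace("permit", "udp", dport=53),
    Ace("permit", "udp", dport=123), Ace("deny", "ip"),
]

def evaluate(acl, flow):
    """IOS first-match: return (action, line number); unmatched traffic is implicitly denied."""
    proto, _src, sport, _dst, dport = flow
    for n, ace in enumerate(acl, start=1):
        if ace.proto not in ("ip", proto):
            continue
        if ace.sport not in (None, sport) or ace.dport not in (None, dport):
            continue
        return ace.action, n
    return "deny", None

def denied(acl, flows):
    """The flows that 'deny ip any any log' would record as denied."""
    return [f for f in flows if evaluate(acl, f)[0] == "deny"]

# Constructed flows as seen outbound on Dialer0, after NAT: (proto, src, sport, dst, dport).
# isp.static.ip is the page's placeholder; 203.0.113.x is RFC 5737 documentation space.
FLOWS = [
    ("tcp", "isp.static.ip", 51000, "203.0.113.7", 80),    # inside PC browsing out
    ("tcp", "isp.static.ip", 80, "203.0.113.7", 49152),    # web server answering an external client
    ("tcp", "isp.static.ip", 25, "203.0.113.9", 40000),    # Exchange answering a remote MTA
    ("udp", "isp.static.ip", 53000, "203.0.113.53", 53),   # UDP DNS query
    ("tcp", "isp.static.ip", 53001, "203.0.113.53", 53),   # TCP DNS, e.g. a zone transfer
]

if __name__ == "__main__":
    for proto, src, sport, dst, dport in denied(ACL_101, FLOWS):
        print(f"list 101 denied {proto} {src}({sport}) -> {dst}({dport})")  # IOS-style log line
```

The three denied lines correspond to exactly the traffic the thread reports as failing (external web access and inbound mail) plus the TCP DNS gap Rick points out.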

Can you share your configs

Narayan

Building configuration...

Current configuration : 3181 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret *******
enable password *******
!
no aaa new-model
!
resource policy
!
clock timezone EST 10
clock summer-time EDT recurring last Sun Oct 2:00 last Sun Mar 2:00
ip subnet-zero
no ip source-route
ip cef
!
!
ip domain name <> (I also have another domain <> (How can I add this?))
ip name-server <>160.35
ip name-server <>160.36
ip name-server <>56.56
ip name-server <>184.150
ip name-server <>6.134
ip name-server <>219.3
!
!
!
username ******* privilege 15 password *******
!
!
interface ATM0
 no ip address
 ip nat outside
 no ip virtual-reassembly
 no atm ilmi-keepalive
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface FastEthernet0
 spanning-tree portfast
!
interface FastEthernet1
 spanning-tree portfast
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 ip address 10.7.2.254 255.255.255.224
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1420
!
interface Dialer0
 bandwidth 1500
 ip address negotiated
 ip access-group 101 out
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer persistent
 dialer-group 1
 ppp chap hostname *******@<>
 ppp chap password *******
 ppp pap sent-username *******@<> password *******
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
no ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 10.7.2.250 80 isp.static.ip 80 extendable
!
access-list 1 permit 10.7.2.0 0.0.0.255
access-list 10 permit 10.7.2.227
access-list 10 deny any
access-list 101 permit tcp any any eq www
access-list 101 permit tcp any any eq 443
access-list 101 permit tcp any any eq smtp
access-list 101 permit udp any any eq domain
access-list 101 permit udp any any eq ntp
access-list 101 deny ip any any
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
!
line con 0
 login local
 no modem enable
line aux 0
 login local
line vty 0 4
 access-class 10 in
 login local
!
scheduler max-task-time 5000
ntp clock-period 17176872
ntp server <>160.2
end

Traceroute results from router:

Translating "<>"...domain server (<>160.35) (<>160.36) (<>56.56) (<>184.150) (<>6.134) (<>219.3)
% Unrecognized host or address.

Traceroute results from pc:

Tracing route to <> [<>.70]
over a maximum of 30 hops:

  1     1 ms    <1 ms    <1 ms  <> [10.7.2.254]
  2  <> [10.7.2.254]  reports: Destination net unreachable.

Trace complete.

nslookup results from pc:

nslookup <>
Server:   <>.<>
Address:  10.7.2.250

Name:     <>
Address:  <>20.137

nslookup <>
Server:   <>.<>
Address:  10.7.2.250

Non-authoritative answer:
Name:     <>
Address:  <>.70

My issue has been resolved should you need a working config.

Regards,

Alex

Danilo Dy
VIP Alumni

Hi,

Please post your config.

Without an 'A' record or FQDN (DNS lingo) and header configuration in the web server, are the clients able to access your web site by typing the IP address in their browser? Have you tested whether you can access the web server from inside your network, i.e. telnet to your server IP address from your router ("telnet server_ip_address www")? You should get a reply like (or similar to) "Trying server_ip_address, 80 ... Open".

For the mail server, without an 'MX' record (another bit of DNS lingo), only internal emails will be delivered to you. External emails from other mail servers (from the internet or other organizations) will not be delivered to you, because those mail servers will not be able to tell which mail server to send email destined for your domain to if their MX lookup of your domain returns nothing. Have you tested whether you can access the mail server from inside your network, i.e. telnet to your server IP address from your router ("telnet server_ip_address smtp")? You should get a reply like (or similar to) "Trying server_ip_address, 25 ... Open".

Now, if you have the records mentioned above configured in your domain zone file in the DNS, make sure they are pointing to the right IP address, which is the external IP address of your router (since you are using port forwarding).

Regards,

Dandy