Hi,
I run a Cisco 861 to connect a small LAN to the Internet. The router provides DHCP and DNS to the local users and does NAT to map to one public IP. To secure the router I followed the steps given at
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_configuration_example09186a008009445f.shtml
However, I encounter two problems now:
1) When I bind an access-list to the inside-interface, DHCP stops functioning. To begin with, the access-list is very permissive:
access-list 102 permit tcp 192.168.43.0 0.0.0.255 any
access-list 102 permit udp 192.168.43.0 0.0.0.255 any
access-list 102 permit icmp 192.168.43.0 0.0.0.255 any
access-list 102 permit ip 192.168.43.0 0.0.0.255 any
Additionally, for the firewall to work, the interface is inspecting packets that are coming in:
ip inspect name firewall http timeout 3600
ip inspect name firewall tcp timeout 3600
ip inspect name firewall udp timeout 15
2) When I now bind an access-list to the outside-interface, communication to the internet is totally blocked:
access-list 112 permit icmp any any
access-list 112 deny ip any any log
See the appended config for full details. Without the access-lists, the setup works perfectly.
Which part am I doing wrong? Any help is appreciated,
Benjamin
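
Added example, not part of the original post: a small first-match evaluator for access-list 102 as posted, run against a constructed DHCP DISCOVER, which a client with no lease sends from 0.0.0.0 to 255.255.255.255 (UDP 68 to 67) and which therefore matches none of the 192.168.43.0 0.0.0.255 entries. It assumes the list is applied inbound on the inside interface; `DHCP_ENTRY` is an assumed extra line, not from the post, and the function names are illustrative.

```python
from ipaddress import IPv4Address as IP

# ACL 102 exactly as posted; assumed to be applied inbound on the inside interface.
ACL_102 = """\
access-list 102 permit tcp 192.168.43.0 0.0.0.255 any
access-list 102 permit udp 192.168.43.0 0.0.0.255 any
access-list 102 permit icmp 192.168.43.0 0.0.0.255 any
access-list 102 permit ip 192.168.43.0 0.0.0.255 any
"""
# Assumed extra entry (not from the post): admit DHCP client broadcasts, 68 -> 67.
DHCP_ENTRY = "access-list 102 permit udp host 0.0.0.0 eq 68 host 255.255.255.255 eq 67\n"

def take_addr(t):
    """Consume 'any' | 'host A' | 'A WILDCARD', plus an optional 'eq PORT'."""
    if t[0] == "any":
        base, wild, t = 0, 0xFFFFFFFF, t[1:]
    elif t[0] == "host":
        base, wild, t = int(IP(t[1])), 0, t[2:]
    else:
        base, wild, t = int(IP(t[0])), int(IP(t[1])), t[2:]
    port = None
    if t[:1] == ["eq"]:
        port, t = int(t[1]), t[2:]
    return (base, wild, port), t

def parse(text):
    rules = []
    for t in (line.split() for line in text.splitlines()):
        if t[:1] == ["access-list"]:
            src, rest = take_addr(t[4:])
            dst, _ = take_addr(rest)
            rules.append((t[2], t[3], src, dst))  # action, protocol, source, destination
    return rules

def hit(spec, addr, port):
    base, wild, want = spec
    # Wildcard bits set to 1 are ignored; every other bit must equal the base.
    return (int(IP(addr)) | wild) == (base | wild) and want in (None, port)

def evaluate(rules, proto, src, sport, dst, dport):
    """First matching entry wins; no match falls to the implicit deny."""
    for action, rproto, rsrc, rdst in rules:
        if rproto in ("ip", proto) and hit(rsrc, src, sport) and hit(rdst, dst, dport):
            return action
    return "deny"

DISCOVER = ("udp", "0.0.0.0", 68, "255.255.255.255", 67)       # constructed: client has no address yet
LAN_DNS = ("udp", "192.168.43.20", 40000, "192.168.43.1", 53)  # constructed: ordinary LAN query
```

Calling `evaluate(parse(ACL_102), *DISCOVER)` returns `deny`, while the same call on `parse(DHCP_ENTRY + ACL_102)` returns `permit`.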