
opening ports on a 1841 router for exchange server

digiorkaef24
Level 1

Hello all,

I would like to open ports 23, 21, 25, 80 on a 1841 router, but I'm not very good with access lists.

Can someone give me a hand with how to create an access list to open those ports, please?

I have this configuration 

 

interface f0/0   (that's my ip nat out interface)
 ip access-group 102 in

 access-list 102 permit tcp any any eq www
 access-list 102 permit tcp any any eq telnet
 access-list 102 permit tcp any any eq smtp
 access-list 102 permit tcp any any eq pop3
 access-list 102 permit tcp any any eq 21
 access-list 102 permit tcp any any eq 20
 access-list 102 permit any any

 

When I do that I get no internet.

 

Thank you

4 Replies

nader.zaman
Level 1

You need to apply the ACL to the interface where the server traffic enters the 1841. Looks like Int f0/0 is your egress point (going to the Internet).

 

Also, at the end of the ACL you want "access-list 102 deny any any"

 

 

Thank you

I tried it and it did not work.

So I'm wondering, should I apply an access list on both interfaces, since the access list is applied per interface and per direction?

What really gets me is that when I apply the access list I lose internet browsing access.

I still have internet, but when I open a site I get no display.
When I remove the access list everything goes back to normal.

Any other ideas?



thanks in advance

Which interface goes to your LAN and which one to the Internet?

 

Apply the ACL to the interface connected to your LAN. Let's say that is f0/1, then you should have this:

If this does not work, please post sh run (without any passwords and real outside IP addresses). Or, at least your NAT configurations.

 

Remove ACL from interface f0/0:

interface f0/0

 no ip access-group 102 in

 

Then add this (assuming f0/1 goes to your LAN. If not, replace with appropriate interface)

 

interface f0/1
 ip access-group 102 in

!

access-list 102 permit tcp any any eq www
access-list 102 permit tcp any any eq telnet
access-list 102 permit tcp any any eq smtp
access-list 102 permit tcp any any eq pop3
access-list 102 permit tcp any any eq 21
access-list 102 permit tcp any any eq 20
access-list 102 permit tcp any any eq 443
access-list 102 deny ip any any

I also added 443 above. You will need it for Internet.
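
Why the interface and direction matter for ACL 102, shown as an added example (not code from any poster in this thread): a small first-match model of the ACL run against one constructed web request and its reply. It assumes f0/1 is the LAN side as in the reply above, uses a made-up client port of 50000, and ignores addresses and NAT.

```python
# Added illustration: first-match evaluation of an extended ACL whose entries
# test the TCP destination port, as ACL 102 in this thread does.
from collections import namedtuple

Packet = namedtuple("Packet", "proto src_port dst_port")
Rule = namedtuple("Rule", "action proto dst_port")  # dst_port None = any port

# Ports from the reply's ACL 102: www, telnet, smtp, pop3, 21, 20, 443.
# "eq" placed after the destination matches the destination port only.
ACL_102 = [Rule("permit", "tcp", p) for p in (80, 23, 25, 110, 21, 20, 443)]
# Final deny, modelled with the "ip" protocol keyword (matches every protocol).
ACL_102.append(Rule("deny", "ip", None))


def evaluate(acl, pkt):
    """Return the action of the first matching entry (implicit deny if none)."""
    for rule in acl:
        proto_ok = rule.proto == "ip" or rule.proto == pkt.proto
        port_ok = rule.dst_port is None or rule.dst_port == pkt.dst_port
        if proto_ok and port_ok:
            return rule.action
    return "deny"


# Constructed sample traffic: a LAN host browsing a web site.
request = Packet("tcp", src_port=50000, dst_port=80)    # LAN -> Internet
response = Packet("tcp", src_port=80, dst_port=50000)   # Internet -> LAN


def browsing_works(acl_interface):
    """ACL 102 applied inbound on 'f0/0' (Internet side) or 'f0/1' (LAN side)."""
    # An inbound ACL only sees packets arriving on its own interface;
    # the other interface carries no ACL in this model.
    arrives_on = {"f0/1": request, "f0/0": response}
    return evaluate(ACL_102, arrives_on[acl_interface]) == "permit"


if __name__ == "__main__":
    for intf in ("f0/0", "f0/1"):
        state = "browsing works" if browsing_works(intf) else "replies dropped"
        print(f"ip access-group 102 in on {intf}: {state}")
```

The reply packet carries port 80 as its source port, so none of the `eq` entries match it when the ACL sits inbound on the Internet-facing interface.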

 

Thank you for your help.

That fixed my problem.

I also was getting blocked by my ISP.

All good now, thank you again.