|
Home > Archive > alt.certification.cisco > August 2003 > CISCO 3550 ACL help
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
CISCO 3550 ACL help
|
|
| Eric Vanderveer 2003-08-26, 12:35 pm |
| I just installed a 3550 with this new GUI interface(new because I have only
seen the IOS). My problem is I am setting up a access list under the GUI
and then assigning the acl to a port on my switch. When I do this it blocks
everything to that server. Here is the access list
'permit tcp any host 67.39.134.11 eq www established network tos min-delay
long time-range all day'
If you have any ideas let me knwo.
Thanks,
Eric Vanderveer
System Administrator
www.speednetllc.com
-----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
-----== Over 100,000 Newsgroups - 19 Different Servers! =-----
| |
|
|
"Eric Vanderveer" <evanderv@speednetllc.com> wrote in message
news:3f4b7f5a_7@corp.newsgroups.com...
> I just installed a 3550 with this new GUI interface(new because I have
only
> seen the IOS). My problem is I am setting up a access list under the GUI
> and then assigning the acl to a port on my switch. When I do this it
blocks
> everything to that server. Here is the access list
> 'permit tcp any host 67.39.134.11 eq www established network tos min-delay
> long time-range all day'
> If you have any ideas let me knwo.
> Thanks,
> Eric Vanderveer
> System Administrator
> www.speednetllc.com
>
>
>
>
> -----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
> http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
> -----== Over 100,000 Newsgroups - 19 Different Servers! =-----
There is an implicit deny all at the end of the list.
| |
| Robert Chen 2003-08-26, 1:33 pm |
| Try this
permit ip any host 67.39.134.11 eq www
Alot of the web stuff uses UDP, if I'm no mistaken.
"Eric Vanderveer" <evanderv@speednetllc.com> wrote in message
news:3f4b7f5a_7@corp.newsgroups.com...
> I just installed a 3550 with this new GUI interface(new because I have
only
> seen the IOS). My problem is I am setting up a access list under the GUI
> and then assigning the acl to a port on my switch. When I do this it
blocks
> everything to that server. Here is the access list
> 'permit tcp any host 67.39.134.11 eq www established network tos min-delay
> long time-range all day'
> If you have any ideas let me knwo.
> Thanks,
> Eric Vanderveer
> System Administrator
> www.speednetllc.com
>
>
>
>
> -----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
> http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
> -----== Over 100,000 Newsgroups - 19 Different Servers! =-----
| |
| Mark Smythe 2003-08-27, 7:25 pm |
|
"Eric Vanderveer" <evanderv@speednetllc.com> wrote in message
news:3f4b7f5a_7@corp.newsgroups.com...
> and then assigning the acl to a port on my switch. When I do this it
blocks
> everything to that server. Here is the access list
> 'permit tcp any host 67.39.134.11 eq www established network tos min-delay
>
If you put established, doesnt that mean it will let traffic to www if it is
established ? then what if it is not established yet ?
Maybe for a test try permit tcp any any established
permit tcp any host 67.39.134.11 eq www
permit ip any any
If that works, remove the ip any any and see if it fails again. Could be the
server not doing www .
long time-range all day'
> If you have any ideas let me knwo.
> Thanks,
> Eric Vanderveer
> System Administrator
> www.speednetllc.com
>
>
>
>
> -----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
> http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
> -----== Over 100,000 Newsgroups - 19 Different Servers! =-----
|
|
|
|
|