Extended ACLs - DNS Resolution

From: Angela Ledford (aledford@xxxxxxxxxxx)
Date: Thu Mar 23 2000 - 14:36:16 GMT-3

• Next message: Rob Ehlers: "Scoring for CCIE lab"
• Previous message: Derek Small (Fuse): "Re: casscade reverse telnet?"
• Next in thread: Maljure, Sanjay: "RE: Extended ACLs - DNS Resolution"
• Maybe reply: Maljure, Sanjay: "RE: Extended ACLs - DNS Resolution"
• Maybe reply: David Russell: "Re: Extended ACLs - DNS Resolution"
• Maybe reply: Angela Ledford: "Re: Extended ACLs - DNS Resolution"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
I am having trouble figuring out what I have wrong on this access-list that
won't allow DNS to resolve names based on the servers I have listed. I can
ping the servers and without the access-list, I can resolve names but once I
envoke, it brakes ... config below:
!
ip subnet-zero
ip tcp synwait-time 5
ip name-server 206.165.5.10
ip name-server 206.165.50.10

ip audit notify log
ip audit po max-events 100
!
!
process-max-time 200
!
interface Loopback0
 ip address 208.50.222.29 255.255.255.252
 no ip directed-broadcast
 ip nat inside
!
interface Ethernet0/0
 description Local LAN
 ip address 192.168.2.1 255.255.255.0
 no ip directed-broadcast
 ip nat inside
!
interface Serial0/0
 description Serial Internet Link
 bandwidth 384
 ip address 208.50.237.34 255.255.255.252
 ip access-group 105 in
 no ip directed-broadcast
 ip nat outside
 ip access-group 105 in
 no ip mroute-cache
 no fair-queue
 down-when-looped
!
ip nat pool internet 208.50.222.30 208.50.222.30 netmask 255.255.255.252
ip nat inside source list 1 pool internet overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
no ip http server
!
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 105 deny ip 208.50.222.28 0.0.0.3 any
access-list 105 permit tcp any 208.50.222.28 0.0.0.3 established
access-list 105 permit udp any any eq domain
access-list 105 permit tcp any 208.50.222.28 0.0.0.3 gt 1023
access-list 105 permit icmp any 208.50.222.28 0.0.0.3 traceroute
access-list 105 permit icmp any 208.50.222.28 0.0.0.3 echo
access-list 105 permit icmp any 208.50.222.28 0.0.0.3 echo-reply
access-list 105 permit icmp any 208.50.222.28 0.0.0.3 ttl-exceeded
access-list 105 permit udp any host 208.50.237.34 eq domain
access-list 105 permit icmp any host 208.50.237.34 echo
access-list 105 permit icmp any host 208.50.237.34 echo-reply
access-list 105 permit icmp any host 208.50.237.34 ttl-exceeded
!
line con 0
 password pnc
 login
 transport input none
line aux 0
 password pnc
 login
 modem InOut
 modem autoconfigure type usr_sportster
 transport input all
 speed 115200
 flowcontrol hardware
line vty 0 4
 password pnc
 login

--
Angela Ledford CCNP-CVOICE, CCNA
Network Engineer
Pathfinders Networking Corporation
aledford@pathnet.com
http://www.pathfindersnetworking.com/

• Next message: Rob Ehlers: "Scoring for CCIE lab"
• Previous message: Derek Small (Fuse): "Re: casscade reverse telnet?"
• Next in thread: Maljure, Sanjay: "RE: Extended ACLs - DNS Resolution"
• Maybe reply: Maljure, Sanjay: "RE: Extended ACLs - DNS Resolution"
• Maybe reply: David Russell: "Re: Extended ACLs - DNS Resolution"
• Maybe reply: Angela Ledford: "Re: Extended ACLs - DNS Resolution"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:23:06 GMT-3