Re: HTTP. from mike arnold on 2009-11-15 (Ccielab archives 11/2009)

From: mike arnold <haynessmith70_at_gmail.com>
Date: Sun, 15 Nov 2009 15:19:13 +0400

Garry:

The access-list u defined is as the source is server but in our senario
source can be anything because it is coming from anywhere from the
internet.Though i applied ur access-list but no results,

Ahmed:

Ur access-list specifies that different sources will access HTTP service on
this server,Am not publishing my server i want to access internet from this
server.I tried this also but no results.

Before posting i tried the following access-list on Dynamips.

24 permit tcp any eq www host 10,28,48.1
25 permit tcp any host 10.28.48.1 eq www.

the above access-list works with Dynamips but not working live.I hope am
missing allowing DNS server ip address because our DNS is on router A .

The below access-list is correct for DNS??? DNS can work on TCP as well as
on UDP Am not sure,pls confirm.

26 permit tcp host 10.25.7.5 eq domain host 10.28.37.1
27 permit tcp host 10.25.7.5 host 10.28.37.1 eq domain

Pls confirm
On Sun, Nov 15, 2009 at 2:43 PM, Ahmed Ejaz <aahmedejaz_at_gmail.com> wrote:

> Hi,
>
> permit tcp any host 10.1.1.2 eq www
> deny ip any any
>
> HTH
>
> Ahmed
>
> On Sun, Nov 15, 2009 at 3:02 PM, mike arnold <haynessmith70_at_gmail.com>wrote:
>
>> PIX----------------A------------
>> -B-------------------C---------------Server
>>
>> Access-list are applied on router B Inbound direction (packets coming
>> from
>> A) I want let the server go on the internet for patches upgrade,There is
>> no
>> such access-list configured for outbound on B (packets coming from
>> C),before
>> applying access-list server can go on the internet but after applying the
>> access-list it can't go.The Ip address on server is 10.28.48.1
>>
>> Acccess-list configured is
>>
>> Extended IP access list Network
>>
>> 24 permit tcp any eq www host 10.28.48.1
>> 35 deny ip any any (4701 matches)
>>
>> int vlan 100
>> ip access-group Network in ( interface facing to A)
>>
>> Pls tell me what am missing
>>
>> Thanks
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Sun Nov 15 2009 - 15:19:13 ART

This archive was generated by hypermail 2.2.0 : Tue Dec 01 2009 - 06:36:29 ART