I'm confused (Cisco)

Soldato
Joined
18 Oct 2002
Posts
17,876
Location
Cambridge
I have a Cisco 857w which works fine unless I apply an access list. The access list is incoming only, yet when I apply it, it stops all sorts of things from working. Ventrilo can't communicate with the server, Heroes of Newerth can't see the server list, pings don't work. I have a syslog running and see nothing at all when these things don't work. Vent and HoN both list the problems as outgoing. Everything on the access list works fine though.

Here's how I apply the access list:

interface Dialer0
ip access-group WAN-IN in

And this is the access list:

ip access-list extended WAN-IN
remark VPN from office
permit udp host 217.33.###.### eq 4500 host 77.107.###.###
permit udp host 217.33.###.### eq 500 host 77.107.###.###
permit udp host 217.33.###.### eq 259 host 77.107.###.###
permit udp host 81.145.###.### eq 4500 host 77.107.###.###
permit udp host 81.145.###.### eq 500 host 77.107.###.###
remark VNC
permit tcp host 217.33.###.### host 77.107.###.### eq 55896
permit udp host 217.33.###.### host 77.107.###.### eq 55896
remark Torrent uses TCP and UDP
permit tcp any host 77.107.###.### eq 55897
permit udp any host 77.107.###.### eq 55897
remark Established
permit tcp any host 77.107.###.### established
remark DNS
permit udp host 194.72.0.98 eq domain host 77.107.###.###
permit udp host 194.74.65.68 eq domain host 77.107.###.###
remark NTP
permit udp any host 77.107.###.### eq ntp
remark Log Other
deny ip any any log

I've set it to debug all yet still see nothing in it when things aren't working. Is there something wrong with the list, how I've applied it, or even something I need to set which makes the syslog send more?

Any suggestions?
 
That's what this does:

remark Established
permit tcp any host 77.107.###.### established

Plus my syslogs aren't showing anything being blocked incoming.
 
Yeah, I removed the ACL and everything starts working again. I just don't understand it, as everything being blocked by it gets logged. Yet these outbound issues don't get logged at all.
 
Cheers, I shall have a read. How do I know what my IOS supports? I presume the DNS, VPN and NTP entries you listed would negate the need of it on the incoming access list?

EDIT

Have done, added what you linked earlier (minus SIP) and it appears to be working OK now, thanks a lot :D. Just to clarify though: I presume the DNS, VPN and NTP entries you listed would negate the need of it on the incoming access list?
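The symptom in the first post (UDP voice, the HoN server list and pings all dying while TCP keeps working) and the fix hinted at in the last post (a linked config that was "added", with SIP left out) come down to one point: `established` only checks the ACK/RST bit on a TCP segment, it keeps no state, so a UDP or ICMP reply has nothing on the inbound list to match and falls through to `deny ip any any`. The following Python is an added illustration, not the thread's router config. It models the WAN-IN list with a first-match evaluator, then a stand-in for what a stateful inspection list adds (the thread never shows the linked config, so treating it as an `ip inspect` list applied outbound is an assumption). All addresses and ports are constructed placeholders, since the thread masks the real ones.

```python
"""Why an inbound-only ACL with `established` breaks UDP and ICMP replies.

Added illustration for this thread, not the router's config. ME stands in for
host 77.107.###.###; the 203.0.113.x hosts are documentation addresses used
here as constructed voice/game servers.
"""
from dataclasses import dataclass
from typing import List, Optional

ME = "77.107.0.1"  # constructed stand-in for the router's WAN address


@dataclass(frozen=True)
class Packet:
    proto: str           # "tcp", "udp" or "icmp"
    src: str
    sport: int           # 0 for ICMP (no ports)
    dst: str
    dport: int
    ack: bool = False    # TCP ACK/RST bit; the only thing `established` checks


@dataclass(frozen=True)
class Rule:
    action: str          # "permit" or "deny"
    proto: str           # "tcp", "udp", "icmp" or "ip" (any protocol)
    src: str = "any"
    sport: Optional[int] = None
    dst: str = "any"
    dport: Optional[int] = None
    established: bool = False
    log: bool = False

    def matches(self, p: Packet) -> bool:
        if self.proto != "ip" and self.proto != p.proto:
            return False
        if self.src != "any" and self.src != p.src:
            return False
        if self.dst != "any" and self.dst != p.dst:
            return False
        if self.sport is not None and self.sport != p.sport:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        # `established` is stateless: it only asks whether ACK (or RST) is set,
        # so it can never match a UDP or ICMP reply.
        if self.established and not (p.proto == "tcp" and p.ack):
            return False
        return True


# The thread's WAN-IN list, cut to the rules that matter for the symptoms.
WAN_IN: List[Rule] = [
    Rule("permit", "udp", src="217.33.0.1", sport=500, dst=ME),  # VPN from office
    Rule("permit", "tcp", dst=ME, dport=55897),                  # Torrent
    Rule("permit", "udp", dst=ME, dport=55897),
    Rule("permit", "tcp", dst=ME, established=True),             # Established
    Rule("permit", "udp", src="194.72.0.98", sport=53, dst=ME),  # DNS
    Rule("permit", "udp", dst=ME, dport=123),                    # NTP
    Rule("deny", "ip", log=True),                                # Log Other
]


def acl_lookup(acl: List[Rule], p: Packet):
    """IOS first-match semantics; unmatched traffic hits the implicit deny."""
    for r in acl:
        if r.matches(p):
            return r.action, r.log
    return "deny", False


class Inspector:
    """Stand-in for stateful inspection on the outside interface: a flow seen
    leaving opens a hole for its reply, which is admitted ahead of the ACL."""

    def __init__(self, protocols):
        self.protocols = set(protocols)
        self.sessions = set()

    def outbound(self, p: Packet) -> None:
        if p.proto in self.protocols:
            self.sessions.add((p.proto, p.src, p.sport, p.dst, p.dport))

    def inbound(self, acl: List[Rule], p: Packet) -> str:
        reply_of = (p.proto, p.dst, p.dport, p.src, p.sport)  # reversed 5-tuple
        if reply_of in self.sessions:
            return "permit"
        return acl_lookup(acl, p)[0]


# Constructed sample traffic; *_REPLY packets arrive inbound on Dialer0.
VENT_OUT = Packet("udp", ME, 51000, "203.0.113.10", 3784)
VENT_REPLY = Packet("udp", "203.0.113.10", 3784, ME, 51000)
PING_OUT = Packet("icmp", ME, 0, "203.0.113.10", 0)
PING_REPLY = Packet("icmp", "203.0.113.10", 0, ME, 0)
WEB_REPLY = Packet("tcp", "203.0.113.20", 80, ME, 52000, ack=True)
DNS_REPLY = Packet("udp", "194.72.0.98", 53, ME, 53001)


def stateless_results() -> dict:
    """What the ACL alone does to each reply."""
    return {name: acl_lookup(WAN_IN, pkt)[0] for name, pkt in
            [("ventrilo", VENT_REPLY), ("ping", PING_REPLY),
             ("web", WEB_REPLY), ("dns", DNS_REPLY)]}


def stateful_results() -> dict:
    """Same replies once the inspector has seen the outbound flows."""
    fw = Inspector(["tcp", "udp", "icmp"])
    fw.outbound(VENT_OUT)
    fw.outbound(PING_OUT)
    return {name: fw.inbound(WAN_IN, pkt) for name, pkt in
            [("ventrilo", VENT_REPLY), ("ping", PING_REPLY), ("web", WEB_REPLY)]}


if __name__ == "__main__":
    print("ACL only:    ", stateless_results())
    print("with inspect:", stateful_results())
```

Run as-is, the ACL-only pass permits the TCP and DNS replies and denies the Ventrilo and ping replies, which is exactly the split the first post describes; the inspector pass lets both through because the outbound flow was recorded first. The same property cuts the other way: a flag check is not a session, so a stateless `established` rule admits any inbound segment with ACK set whether or not a connection exists, which is one more reason a stateful inspection list is the better fit on the outside interface than a longer inbound ACL.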
 