Hi guys, I'm experiencing a problem with one of my ACLs...
I have it applied INBOUND on the Router's Interface that is facing the Internet.
I'm trying to restrict access so the only thing visible to the Internet is my WebPage, but when I apply this ACL on the Router's Interface it takes down the connection to the Internet (I'm running a ping on one of my internal hosts, but as soon as I apply that ACL INBOUND on my Router's External Interface it takes down any communication to the Internet).
I think that it is because the Router is dropping all the "returning" packets.
I know that there is one argument (ESTABLISHED) that I can enable to permit those returning packets, but it only applies to TCP. What about ICMP and UDP?
This is the ACL I'm using:
access-list 101 remark FW-Outside-to-Inside
access-list 101 deny ip 192.168.0.0 0.0.0.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 permit tcp any host MYWEBSERVERSIP eq 80
access-list 101 deny ip any any
I hope you guys can give me a clue...
Thank you!!!
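To make the behaviour described above visible, here is a small ACL evaluator written for this thread (it is not the poster's configuration and not Cisco code). It models the IOS rules that matter here: entries are checked top to bottom, the first match decides, an ACL ends in an implicit deny, and the `established` keyword matches only TCP segments with the ACK or RST bit set. It then runs the posted ACL and a revised one against a few constructed packets. The web server address 198.51.100.80 stands in for MYWEBSERVERSIP, 198.51.100.20 is the public address the internal host's traffic leaves with, and the added `permit icmp ... echo-reply` and `permit udp any eq 53 any` entries are assumptions about what return traffic you would want to let back in.

```python
"""Toy evaluator for Cisco IOS extended-ACL semantics (first match wins, implicit deny
at the end, 'established' = TCP with ACK or RST set). Added example, not from the
original post; all addresses are constructed RFC 5737 documentation values."""
import ipaddress
from dataclasses import dataclass


@dataclass
class Packet:
    proto: str              # 'tcp', 'udp' or 'icmp'
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    tcp_ack: bool = False   # ACK (or RST) bit set: the only thing 'established' tests
    icmp_type: str = ''     # e.g. 'echo-reply'


def in_wildcard(ip, net, wildcard):
    """IOS wildcard mask: a 0 bit means 'must match', a 1 bit means 'don't care'."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (int(ipaddress.IPv4Address(net)) & care)


def parse_addr(tok):
    """'any' | 'host A' | 'A WILDCARD' -> (net, wildcard, remaining tokens)."""
    if tok[0] == 'any':
        return '0.0.0.0', '255.255.255.255', tok[1:]
    if tok[0] == 'host':
        return tok[1], '0.0.0.0', tok[2:]
    return tok[0], tok[1], tok[2:]


def parse_port(tok, proto):
    """Optional 'eq N' qualifier; only tcp/udp entries carry ports."""
    if proto in ('tcp', 'udp') and tok and tok[0] == 'eq':
        return int(tok[1]), tok[2:]
    return None, tok


def parse_ace(line):
    """Parse 'access-list N action proto src [eq p] dst [eq p] [established|icmp-type]'."""
    tok = line.split()
    if tok[2] == 'remark':          # remarks are comments, they match nothing
        return None
    action, proto, rest = tok[2], tok[3], tok[4:]
    src, src_wc, rest = parse_addr(rest)
    sport, rest = parse_port(rest, proto)
    dst, dst_wc, rest = parse_addr(rest)
    dport, rest = parse_port(rest, proto)
    return dict(action=action, proto=proto, src=src, src_wc=src_wc, sport=sport,
                dst=dst, dst_wc=dst_wc, dport=dport,
                established='established' in rest,
                icmp_type=rest[0] if proto == 'icmp' and rest else '')


def ace_matches(ace, p):
    if ace['proto'] != 'ip' and ace['proto'] != p.proto:
        return False
    if not (in_wildcard(p.src, ace['src'], ace['src_wc'])
            and in_wildcard(p.dst, ace['dst'], ace['dst_wc'])):
        return False
    if ace['sport'] is not None and p.sport != ace['sport']:
        return False
    if ace['dport'] is not None and p.dport != ace['dport']:
        return False
    if ace['established'] and not p.tcp_ack:   # a SYN never matches 'established'
        return False
    if ace['icmp_type'] and p.icmp_type != ace['icmp_type']:
        return False
    return True


def evaluate(acl, p):
    """First matching entry decides; no match falls through to the implicit deny."""
    for line in acl:
        ace = parse_ace(line)
        if ace and ace_matches(ace, p):
            return ace['action'], line
    return 'deny', 'implicit deny ip any any'


WEB = '198.51.100.80'      # stands in for MYWEBSERVERSIP (constructed)
INSIDE = '198.51.100.20'   # public address the internal host's traffic leaves with (constructed)

ANTI_SPOOF = [   # the anti-spoofing denies from the posted ACL
    'access-list 101 deny ip 192.168.0.0 0.0.0.255 any',
    'access-list 101 deny ip 172.16.0.0 0.15.255.255 any',
    'access-list 101 deny ip 10.0.0.0 0.255.255.255 any',
    'access-list 101 deny ip 127.0.0.0 0.255.255.255 any',
    'access-list 101 deny ip host 255.255.255.255 any',
    'access-list 101 deny ip host 0.0.0.0 any',
]
POSTED_ACL = ANTI_SPOOF + [
    f'access-list 101 permit tcp any host {WEB} eq 80',
    'access-list 101 deny ip any any',
]
REVISED_ACL = ANTI_SPOOF + [   # assumed fix: let return traffic back in before the final deny
    f'access-list 101 permit tcp any host {WEB} eq 80',
    'access-list 101 permit tcp any any established',    # TCP replies to inside-initiated sessions
    'access-list 101 permit icmp any any echo-reply',    # replies to the inside host's ping
    'access-list 101 permit udp any eq 53 any',          # DNS answers (stateless, see note)
    'access-list 101 deny ip any any',
]

SAMPLE_PACKETS = {   # constructed traffic arriving inbound on the outside interface
    'web_request':     Packet('tcp', '203.0.113.10', WEB, sport=51515, dport=80),
    'ping_reply':      Packet('icmp', '203.0.113.1', INSIDE, icmp_type='echo-reply'),
    'tcp_return':      Packet('tcp', '203.0.113.10', INSIDE, sport=443, dport=51000, tcp_ack=True),
    'dns_reply':       Packet('udp', '203.0.113.53', INSIDE, sport=53, dport=40000),
    'unsolicited_ssh': Packet('tcp', '203.0.113.10', INSIDE, sport=4444, dport=22),
    'spoofed_private': Packet('tcp', '10.1.2.3', INSIDE, sport=4444, dport=80, tcp_ack=True),
}


def verdicts(acl):
    """Map each sample packet name to 'permit' or 'deny' under the given ACL."""
    return {name: evaluate(acl, p)[0] for name, p in SAMPLE_PACKETS.items()}


if __name__ == '__main__':
    for label, acl in (('posted', POSTED_ACL), ('revised', REVISED_ACL)):
        for name, p in SAMPLE_PACKETS.items():
            action, line = evaluate(acl, p)
            print(f'{label:8} {name:16} {action:6} <- {line}')
```

Running it shows why the ping dies: the echo-reply coming back from the Internet is ICMP, the only permit in the posted ACL is for TCP port 80, so the reply hits `deny ip any any`. The revised list lets it through, and `established` does the same for TCP, but note that all three added permits are stateless: `established` only looks at the ACK/RST bits, and the UDP 53 entry admits any packet with source port 53 whether or not a query went out. If you want the router to actually track UDP and ICMP sessions, the IOS features for that are reflexive ACLs (`reflect`/`evaluate`) or the CBAC/Zone-Based Firewall inspection engine rather than a plain numbered ACL.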