As you can see from my two NICs, the only access-lists in use are 102 and 198. Access-list 11 is not in use according to the configuration.
I decided to delete access-list 11, since it wasn't needed. When I did that, no clients on the internal network could access the internet.
Why would deleting access-list 11 have any bearing on the internal clients when access-list 198 is bound to the Internal NIC card on the router?
====================================================
interface FastEthernet0/0
 description connected to internet
 ip address SCRUBBED
 ip access-group 102 in
 ip nat outside
 ip route-cache flow
 duplex auto
 speed 100
!
interface FastEthernet0/1
 description connected to inside
 ip address 192.168.10.1 255.255.255.0 secondary
 ip address 192.168.11.1 255.255.255.0
 ip access-group 198 in
 ip nat inside
 ip route-cache flow
 speed 100
 full-duplex
!
ip http server
no ip http secure-server
ip classless
!
!
!
ip access-list extended INTERNAL
 remark New not in use, yet-----------------------------
 permit tcp any any eq www
 permit tcp any any eq domain
 permit udp any any eq domain
 permit tcp any any eq telnet
 permit tcp any any eq ftp
 permit tcp any any eq 443
 permit tcp any any eq pop3
 permit tcp any any eq smtp
 deny ip any any
access-list 11 permit 192.168.11.0 0.0.0.255
access-list 11 permit 192.168.10.0 0.0.0.255
!
access-list 102 permit udp any host SCRUBBED eq isakmp
access-list 102 permit esp any host SCRUBBED
access-list 102 permit tcp any host SCRUBBED eq telnet
access-list 102 permit tcp any host SCRUBBED eq 1352
access-list 102 permit tcp any host SCRUBBED eq www
access-list 102 permit udp any eq domain any
access-list 102 permit tcp any any established
access-list 102 permit tcp any host SCRUBBED eq www
access-list 102 permit tcp any host SCRUBBED eq 1352
access-list 102 permit tcp any host SCRUBBED eq www
access-list 102 permit tcp any host SCRUBBED eq ftp
access-list 102 permit tcp any host SCRUBBED eq ftp-data
access-list 102 permit tcp any host SCRUBBED eq www
access-list 102 permit tcp any SCRUBBED eq www
access-list 102 permit tcp any SCRUBBED eq www
access-list 102 permit tcp any host SCRUBBED eq www
access-list 102 permit ip any host SCRUBBED
access-list 102 permit ip any host SCRUBBED
access-list 102 permit ip any host SCRUBBED log
access-list 102 permit ip any host SCRUBBED log
access-list 198 deny tcp any any eq 135
access-list 198 deny udp any any eq 135
access-list 198 deny udp any any eq tftp
access-list 198 deny tcp any any eq 139
access-list 198 deny tcp any any eq 445
access-list 198 deny tcp any any eq 593
access-list 198 deny tcp any any eq 2745
access-list 198 deny tcp any any eq 1025
access-list 198 deny tcp any any eq 3127
access-list 198 deny tcp any any eq 6129
access-list 198 deny tcp any any eq 554
access-list 198 deny tcp any any eq 7070
access-list 198 permit ip any any
====================================================
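An ACL on IOS can be referenced by commands other than `ip access-group` (NAT rules, vty `access-class`, route-maps, crypto maps), so an interface listing alone does not show whether it is in use. The following is an added example, not part of the original post: a Python check that lists every reference to each ACL in a saved configuration before anything is deleted. The sample configuration is constructed, and its `ip nat inside source list 11 ...` line is an assumption that does not appear in the posted excerpt.

```python
import re

# Constructed sample. The interface and ACL lines mirror the post; the
# "ip nat inside source list" line is an ASSUMPTION, not shown in the post.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip access-group 102 in
 ip nat outside
!
interface FastEthernet0/1
 ip access-group 198 in
 ip nat inside
!
ip nat inside source list 11 interface FastEthernet0/0 overload
ip access-list extended INTERNAL
 deny ip any any
access-list 11 permit 192.168.11.0 0.0.0.255
access-list 198 permit ip any any
"""

# IOS commands that reference an ACL by number or name (not exhaustive).
REFERENCE_PATTERNS = [
    ("interface filter", r"ip access-group (\S+) (?:in|out)"),
    ("NAT list", r"ip nat (?:inside|outside) (?:source|destination) list (\S+)"),
    ("vty access-class", r"access-class (\S+) (?:in|out)"),
    ("route-map match", r"match ip address (?!prefix-list)(\S+)"),
    ("crypto map match", r"match address (\S+)"),
]
SECTION_HEADERS = ("interface ", "line ", "route-map ")
ACL_DEFINITION = re.compile(r"(?:access-list|ip access-list (?:standard|extended)) (\S+)")

def defined_acls(config):
    """Names/numbers of every ACL defined in the config."""
    found = (ACL_DEFINITION.match(l.strip()) for l in config.splitlines())
    return {m.group(1) for m in found if m}

def acl_references(config):
    """Map ACL -> [(kind, section, line)] for each command that uses it."""
    refs, section = {}, "global"
    for line in map(str.strip, config.splitlines()):
        if line == "!":
            section = "global"          # "!" closes the current section
        elif line.startswith(SECTION_HEADERS):
            section = line              # remember which section we are in
        for kind, pattern in REFERENCE_PATTERNS:
            m = re.match(pattern, line)
            if m:
                refs.setdefault(m.group(1), []).append((kind, section, line))
    return refs

def unreferenced_acls(config):
    """ACLs that are defined but used by none of the known commands."""
    return defined_acls(config) - set(acl_references(config))
```

Run it against the full saved configuration rather than an excerpt, since a reference can sit anywhere in the file.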