Collin Clark Tue, 04/17/2007 - 14:58

Shut the interface/remove the nat or global/specifically deny protocols you want blocked/remove default route; there are many different ways. If you provide more info, maybe we can give a more detailed solution.


HTH and please rate.

danny9797 Tue, 04/17/2007 - 16:45
Let's say, for example, that we still want traffic to flow to another LAN (WAN communication). So I just want to block internet access from all users on the one LAN.


Jon Marshall Tue, 04/17/2007 - 22:48
Hi


Well there are a number of ways to do it. One way -


local LAN 192.168.1.0/24

remote LAN 172.16.5.0/24


access-list acl_inside permit ip 192.168.1.0 255.255.255.0 172.16.5.0 255.255.255.0

access-list acl_inside deny ip 192.168.1.0 255.255.255.0 any


access-group acl_inside in interface inside


Couple of things to be aware of.


1) There is an explicit deny at the end of the access-list so if you have other networks you want to allow access to/from you need to include them in your access-list.

2) I'm assuming this is a PIX firewall - is this the case?


HTH


Jon
