Firewall Config - Block access to the internet

Unanswered Question
Apr 17th, 2007

What command would I use to block all internal access from a LAN, from reaching the internet?

Thanks

Collin Clark Tue, 04/17/2007 - 14:58

Shut the interface/remove the nat or global/specifically deny protocols you want blocked/remove default route, many different ways. If you provide more info maybe we can give a more detailed solution.

HTH and please rate.

danny9797 Tue, 04/17/2007 - 16:45

Let's say for example that we still want traffic to flow to another LAN (WAN communication). So I just want to block internet access from all users on the one LAN.

Jon Marshall Tue, 04/17/2007 - 22:48

Hi

Well there are a number of ways to do it. One way -

local LAN 192.168.1.0/24

remote LAN 172.16.5.0/24

access-list acl_inside permit ip 192.168.1.0 255.255.255.0 172.16.5.0 255.255.255.0

access-list acl_inside deny ip 192.168.1.0 255.255.255.0 any

access-group acl_inside in interface inside

Couple of things to be aware of.

1) There is an explicit deny at the end of the access-list so if you have other networks you want to allow access to/from you need to include them in your access-list.

2) I'm assuming this is a PIX firewall - is this the case?

HTH

Jon
