Collin Clark Tue, 04/17/2007 - 14:58
User Badges:
  • Purple, 4500 points or more

shut the interface/remove the nat or global/specifically deny protocls you want blocked/remove default route, many different ways, if you provide more info maybe we can give a more detailed solution.

HTH and please rate.

danny9797 Tue, 04/17/2007 - 16:45
User Badges:

Lets say for example that we still want traffic to flow to another LAN (WAN communication). So I just want to block internet access from all users on the one LAN.

Jon Marshall Tue, 04/17/2007 - 22:48
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


Well there are a number of ways to do it. One way -

local LAN

remote LAN

access-list acl_inside permit ip

access-list acl_inside deny ip any

access-group acl_inside in interface inside

Couple of things to be aware of.

1) There is an explicit deny at the end of the access-list so if you have other networks you want to allow access to/from you need to include them in your access-list.

2) I'm assuming this is a pix firewall - is this the case ?




This Discussion