
Restrict 3 IP addresses to access internet only

wilson_1234_2
Level 3

Is there an easy way to set up a policy to restrict three source addresses to access the internet only and not the rest of the network?

They are on a switch that will trunk up to a 6509 then to a PIX.

Can this be done?

2 Replies

Richard Burts
Hall of Fame

Wilson

It can be done, but it may become tedious depending on how your network is structured. You would need to configure an access list and assign it inbound on the layer 3 interface that is the default gateway for these hosts. If the 3 hosts are all in the same VLAN/same subnet then it gets a bit easier because you need only a single access list. If the hosts are spread around then you would need an access list for each host.

The access list needs to be an extended access list and could be either named access list or numbered access list. In the access list you would have explicit deny statements with the host address as the source and denying access to any address within your network (that might be a single statement or might require multiple statements depending on how your network is structured). After you deny the host source address to any internal destination then you would permit any source address to any destination.

HTH

Rick
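
The access list described in the reply above, as an added example that is not part of the original thread: a sample IOS extended ACL plus a small first-match evaluator that checks what it permits. The host addresses, the 10.0.0.0/8 internal range and the ACL name are assumptions made for illustration.

```python
import ipaddress

# Constructed sample, not from the thread: the three hosts sit in 10.1.20.0/24 and
# the internal network is assumed to be 10.0.0.0/8. On the hosts' gateway interface
# the list would be applied with: ip access-group HOSTS-INTERNET-ONLY in
ACL = """\
ip access-list extended HOSTS-INTERNET-ONLY
 deny ip host 10.1.20.11 10.0.0.0 0.255.255.255
 deny ip host 10.1.20.12 10.0.0.0 0.255.255.255
 deny ip host 10.1.20.13 10.0.0.0 0.255.255.255
 permit ip any any
"""

def spec(tok):
    """Consume one IOS address spec from tok; return (address, wildcard) as ints."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tok.pop(0)))

def parse(acl_text):
    """Parse 'permit|deny ip <src> <dst>' entries; the header line is skipped."""
    rules = []
    for line in acl_text.splitlines()[1:]:
        tok = line.split()
        if tok:
            action = tok.pop(0)
            tok.pop(0)  # protocol keyword; only "ip" is used in this sample
            rules.append((action, spec(tok), spec(tok)))
    return rules

def match(ip, addr_wild):
    addr, wild = addr_wild
    return (int(ipaddress.IPv4Address(ip)) | wild) == (addr | wild)  # wildcard bits are don't-care

def evaluate(rules, src, dst):
    """First matching entry wins; an IOS ACL ends with an implicit deny."""
    for action, s, d in rules:
        if match(src, s) and match(dst, d):
            return action
    return "deny"

if __name__ == "__main__":
    rules = parse(ACL)
    for src, dst in [("10.1.20.11", "10.5.5.5"), ("10.1.20.11", "198.51.100.7"),
                     ("10.1.20.50", "10.5.5.5")]:
        print(src, "->", dst, evaluate(rules, src, dst))
```

With the internal range written as a single block, the three hosts also lose any internal service such as a DNS server, so those destinations would need explicit permit entries above the deny lines.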

Thanks Rick,

That is where I was headed.

I appreciate your input.

You're the Top Dawg now.

Here are 5 more points.
