Jon Marshall Thu, 08/16/2007 - 12:45

Hi Daniel


Yes if you block it by IP address but not if you want to block it by url.


So by ip address


access-list inside permit tcp host "user ip address" host "web server" eq 80

access-list inside deny ip host "user ip address" any

access-list inside permit ip any any


access-group inside in interface inside


Couple of things to note


1) There is a permit ip any any at the end because i'm assuming you don't want to interfere with any other traffic going out to the internet.


2) You may need to open up other ports other than 80 for the user eg 443 maybe if the site uses https.


3) This will stop the user going out on any other port to the internet as well.


HTH


Jon

Actions

This Discussion