Blocking internet access thru pix

Unanswered Question
Aug 16th, 2007
User Badges:


with a pix 501, how can allow a particular user/ip address access to only one web address and denying every other website. Simple right?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Jon Marshall Thu, 08/16/2007 - 12:45
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi Daniel

Yes if you block it by IP address but not if you want to block it by url.

So by ip address

access-list inside permit tcp host "user ip address" host "web server" eq 80

access-list inside deny ip host "user ip address" any

access-list inside permit ip any any

access-group inside in interface inside

Couple of things to note

1) There is a permit ip any any at the end because i'm assuming you don't want to interfere with any other traffic going out to the internet.

2) You may need to open up other ports other than 80 for the user eg 443 maybe if the site uses https.

3) This will stop the user going out on any other port to the internet as well.




This Discussion