Jon Marshall Thu, 08/16/2007 - 12:45

Hi Daniel

Yes if you block it by IP address but not if you want to block it by url.

So by ip address

access-list inside permit tcp host "user ip address" host "web server" eq 80

access-list inside deny ip host "user ip address" any

access-list inside permit ip any any

access-group inside in interface inside

Couple of things to note

1) There is a permit ip any any at the end because i'm assuming you don't want to interfere with any other traffic going out to the internet.

2) You may need to open up other ports other than 80 for the user eg 443 maybe if the site uses https.

3) This will stop the user going out on any other port to the internet as well.




This Discussion