Blocking internet access thru pix

toyinsekoni
Level 1

Hello,

With a PIX 501, how can I allow a particular user/IP address access to only one web address while denying every other website? Simple, right?

Thanks

Daniel

1 Reply

Jon Marshall
Hall of Fame

Hi Daniel

Yes, if you block it by IP address, but not if you want to block it by URL.

So, by IP address:

access-list inside permit tcp host "user ip address" host "web server" eq 80

access-list inside deny ip host "user ip address" any

access-list inside permit ip any any

access-group inside in interface inside

Couple of things to note:

1) There is a permit ip any any at the end because I'm assuming you don't want to interfere with any other traffic going out to the internet.

2) You may need to open up ports other than 80 for the user, e.g. 443 maybe, if the site uses HTTPS.

3) This will stop the user going out on any other port to the internet as well.

HTH

Jon
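
The first-match behaviour behind the three notes in the reply above, as an added example that is not part of the original thread: a simplified Python evaluator for the three access-list lines (it handles only the `host`, `any` and `eq` forms). The addresses are constructed documentation addresses standing in for "user ip address" and "web server".

```python
import ipaddress

# Constructed sample addresses (RFC 5737 documentation ranges), not from the post.
USER = "192.0.2.10"      # the restricted inside host
WEB = "198.51.100.80"    # the one permitted web server

ACL = f"""
access-list inside permit tcp host {USER} host {WEB} eq 80
access-list inside deny ip host {USER} any
access-list inside permit ip any any
"""

def parse_addr(tokens):
    """Consume 'host A.B.C.D' or 'any' from the front of the token list."""
    word = tokens.pop(0)
    if word == "any":
        return None                      # None means "matches every address"
    if word == "host":
        return ipaddress.ip_address(tokens.pop(0))
    raise ValueError(f"unsupported address form: {word}")

def parse_acl(text):
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()[2:]        # drop 'access-list <name>'
        action, proto = tokens.pop(0), tokens.pop(0)
        src, dst = parse_addr(tokens), parse_addr(tokens)
        port = int(tokens[1]) if tokens[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(rules, proto, src, dst, dport=None):
    """Return the action of the first entry that matches (first match wins)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto in ("ip", proto) and r_src in (None, src)
                and r_dst in (None, dst) and r_port in (None, dport)):
            return action
    return "deny"                        # implicit deny when nothing matches

RULES = parse_acl(ACL)

if __name__ == "__main__":
    for flow in [("tcp", USER, WEB, 80), ("tcp", USER, WEB, 443),
                 ("udp", USER, "203.0.113.53", 53),
                 ("tcp", "192.0.2.11", "203.0.113.5", 80)]:
        print(flow, "->", evaluate(RULES, *flow))
```

The UDP/53 flow shows what note 3 means in practice: if the user's DNS resolver sits beyond the inside interface, name lookups from that host are denied as well unless a matching permit is placed above the deny line.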
