ASA5510: How to block just certain inside hosts from accessing the internet?

Sep 25th, 2007

I have an ASA5510 set up. By using NAT, the inside hosts can access the internet. I want to block just certain hosts, for example 192.168.1.112, from accessing the internet. How do I do it?

Overall Rating: 4 (2 ratings)
acomiskey Tue, 09/25/2007 - 15:26

This would do it:


access-list inside deny tcp host 192.168.1.112 any eq 80

access-list inside deny tcp host 192.168.1.112 any eq 443

access-list inside permit ip any any

access-group inside in interface inside


That would prevent all web browsing. Of course, if you wanted to prevent any access to the internet...


access-list inside deny ip host 192.168.1.112 any

access-list inside permit ip any any

access-group inside in interface inside


Please rate helpful posts.
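
Added example (not part of the original thread): a small Python evaluator for the two rule sets posted above, modelling first-match ACL evaluation with the implicit deny at the end. It shows that the port 80/443 version still lets 192.168.1.112 out on any other port or protocol, and why the `permit ip any any` line matters for the other inside hosts. The parser handles only the syntax used in this thread, and the sample flows are constructed.

```python
import ipaddress

# The two rule sets from the answer above, copied verbatim.
WEB_ONLY = """\
access-list inside deny tcp host 192.168.1.112 any eq 80
access-list inside deny tcp host 192.168.1.112 any eq 443
access-list inside permit ip any any
"""
ALL_TRAFFIC = """\
access-list inside deny ip host 192.168.1.112 any
access-list inside permit ip any any
"""

def parse_acl(text):
    """Parse the subset of ASA ACL syntax used in this thread into rule dicts."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] != "access-list":
            continue
        action, proto, rest = tok[2], tok[3], tok[4:]
        if rest[0] == "host":
            src, rest = ipaddress.ip_network(rest[1] + "/32"), rest[2:]
        elif rest[0] == "any":
            src, rest = ipaddress.ip_network("0.0.0.0/0"), rest[1:]
        else:
            raise ValueError("unsupported source in: " + line)
        if rest[0] != "any":
            raise ValueError("unsupported destination in: " + line)
        port = int(rest[2]) if rest[1:2] == ["eq"] else None
        rules.append({"action": action, "proto": proto, "src": src, "port": port})
    return rules

def evaluate(rules, src_ip, proto, dport):
    """Return the action of the first matching rule; implicit deny if none match."""
    addr = ipaddress.ip_address(src_ip)
    for r in rules:
        if addr not in r["src"]:
            continue
        if r["proto"] not in ("ip", proto):
            continue
        if r["port"] is not None and r["port"] != dport:
            continue
        return r["action"]
    return "deny"  # every ASA access list ends with an implicit deny

if __name__ == "__main__":
    # Constructed sample flows from the blocked host: alternate web port, DNS.
    for flow in [("192.168.1.112", "tcp", 8080), ("192.168.1.112", "udp", 53)]:
        print(flow, evaluate(parse_acl(WEB_ONLY), *flow), evaluate(parse_acl(ALL_TRAFFIC), *flow))
```
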
