11-14-2008 11:55 AM - edited 03-04-2019 12:20 AM
I have a request from an IT manager and I'm trying to determine if I can accomplish this with an ACL. Essentially, he has a static block of IPs (10-20) on a shop floor where he does NOT want them to have Internet access, but still requires WAN access for internal Outlook and Intranet access. I've been playing around with 1-2 variations but I don't seem to be having success. Any suggestions?
Regards,
Dan
11-14-2008 12:04 PM
You can permit the static block for WAN/Intranet IPs and deny any.
Thanks.
11-14-2008 12:05 PM
Hello Dan,
The ACL should use the following logic:
permit block-ip server1
permit block-ip server2
permit block-ip intranet-block
! deny access to internet
deny block-ip any
! to allow internet access to other addresses
permit any any
This extended ACL should be applied inbound on the router that is the default gateway.
The range of IP addresses may need to be represented by multiple ACL lines.
We sometimes use this method to avoid internet access to specific hosts.
Hope to help
Giuseppe
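Added example, not part of the original thread: a short Python script that splits a static host range into the wildcard-mask blocks an extended ACL needs, then emits the lines in the order described above (permit internal destinations, deny the block to anything else, permit everyone else). The ACL name, the shop-floor range and the internal destinations are constructed sample values.

```python
import ipaddress

def covering_networks(first, last):
    """Smallest list of aligned networks that exactly covers first..last."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))

def acl_addr(net):
    """Format a network the way an IOS extended ACL expects it."""
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    # hostmask is the inverse (wildcard) mask, e.g. /30 -> 0.0.0.3
    return f"{net.network_address} {net.hostmask}"

def build_acl(name, first, last, internal_dests):
    """Return the ACL as a list of configuration lines.

    Order matters: the ACL is evaluated top-down and the first match wins,
    so internal permits come before the deny, and the final permit keeps
    every other source address working.
    """
    blocks = covering_networks(first, last)
    lines = [f"ip access-list extended {name}"]
    for dest in internal_dests:
        dest_net = ipaddress.ip_network(dest)
        for src in blocks:
            lines.append(f" permit ip {acl_addr(src)} {acl_addr(dest_net)}")
    for src in blocks:  # everything else from the block is dropped
        lines.append(f" deny ip {acl_addr(src)} any")
    lines.append(" permit ip any any")
    return lines

# Constructed sample values (assumptions, not from the thread):
SHOP_FIRST, SHOP_LAST = "10.1.50.10", "10.1.50.20"   # shop-floor hosts
INTERNAL = ["192.168.10.25/32",   # hypothetical mail server
            "10.0.0.0/8"]         # hypothetical intranet block

if __name__ == "__main__":
    print("\n".join(build_acl("SHOPFLOOR-IN", SHOP_FIRST, SHOP_LAST, INTERNAL)))
    # Apply inbound on the interface facing the shop floor:
    #   ip access-group SHOPFLOOR-IN in
```

The eleven addresses .10 to .20 do not fall on a single mask boundary, so they expand to four source blocks, which is why the range needs multiple ACL lines.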