ACL Help

ddalessad
Level 1

I have a request from an IT manager and I'm trying to determine if I can accomplish this with an ACL. Essentially, he has a static block of IPs (10-20) on a shop floor where he does NOT want them to have Internet access, but still requires WAN access for internal Outlook and Intranet access. I've been playing around with 1-2 variations but I don't seem to be having success. Any suggestions?

Regards,

Dan

2 Replies

rais
Level 7

You can permit the static block for WAN/Intranet IPs and deny any.

Thanks.

Giuseppe Larosa
Hall of Fame

Hello Dan,

The ACL should use the following logic:

permit block-ip server1

permit block-ip server2

permit block-ip intranet-block

! deny access to internet

deny block-ip any

! to allow internet access to other addresses

permit any any

This extended ACL should be applied inbound on the router that is the default gateway.

The range of IP addresses may need to be represented by multiple ACL lines.

We sometimes use this method to avoid internet access to specific hosts.

Hope to help

Giuseppe
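The logic in the reply above, worked through as an added example that is not part of the original thread or any participant's code: it splits a host range into the blocks a wildcard mask can express, emits the permit/deny/permit lines in IOS extended ACL syntax, and checks first-match behaviour on sample flows. The addresses, the range .10 to .20, and the ACL name SHOPFLOOR-IN are constructed assumptions.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
SHOP_FIRST, SHOP_LAST = "192.168.10.10", "192.168.10.20"     # shop-floor static block
INTERNAL = ["10.1.1.25/32", "10.1.1.26/32", "10.20.0.0/16"]  # server1, server2, intranet block

def source_blocks(first, last):
    """Split an arbitrary address range into blocks a wildcard mask can express."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def ios_term(net):
    """Render a network as 'any', 'host A.B.C.D' or 'address wildcard'."""
    if net is None:
        return "any"
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.hostmask}"

def build_rules(first, last, internal):
    """Permit block -> internal, deny block -> any, permit everything else."""
    srcs = source_blocks(first, last)
    dsts = [ipaddress.ip_network(d) for d in internal]
    rules = [("permit", s, d) for d in dsts for s in srcs]
    rules += [("deny", s, None) for s in srcs]   # must come before the final permit
    rules.append(("permit", None, None))         # other hosts keep Internet access
    return rules

def render(rules, name="SHOPFLOOR-IN"):  # ACL name is hypothetical
    """Emit the rules as IOS named extended ACL lines."""
    return [f"ip access-list extended {name}"] + [
        f" {action} ip {ios_term(s)} {ios_term(d)}" for action, s, d in rules]

def evaluate(rules, src, dst):
    """First matching line wins, as on the router; no match is the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rs, rd in rules:
        if (rs is None or s in rs) and (rd is None or d in rd):
            return action
    return "deny"

if __name__ == "__main__":
    rules = build_rules(SHOP_FIRST, SHOP_LAST, INTERNAL)
    print("\n".join(render(rules)))
    for src, dst in [("192.168.10.15", "10.1.1.25"), ("192.168.10.15", "203.0.113.5"),
                     ("192.168.10.21", "203.0.113.5")]:
        print(src, "->", dst, evaluate(rules, src, dst))
```

With these sample values the eleven-host range needs four source blocks, so each logical line in the reply expands to four ACL entries.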
