I am having trouble blocking HTTP/HTTPS access to just certain subnets within my network. The following is what I have tried and it doesn't seem to work.

    access-list acl_insideint permit tcp object-group Servers object-group WebProtocols any
    access-list acl_insideint deny tcp any object-group WebProtocols any
    access-list acl_insideint permit ip any any

The Servers group contains the following:

    object-group network Servers
     description All subnets that contain servers
     network-object 172.20.1.0 255.255.255.0
     network-object 172.24.0.0 255.255.0.0
     network-object 172.22.0.0 255.255.0.0
     network-object 172.23.7.0 255.255.255.0
     network-object 172.27.1.0 255.255.255.0
     network-object 172.26.0.0 255.255.0.0
     network-object 172.20.40.0 255.255.255.0

The Web Ports group contains just HTTP and HTTPS.
I put these rules in and then try to browse with 172.20.45.60 and browsing still works....
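
Added example, not part of the original post: a small Python model of first-match ACL evaluation run over the three posted rules and over the same rules with the port group moved. It assumes PIX/ASA extended ACL syntax, where a service object-group written directly after the source address matches the source port and one written after the destination address matches the destination port. The destination 198.51.100.10 and source port 51000 are constructed test values.

```python
import ipaddress

# Servers object-group from the post, as CIDR networks.
SERVERS = [ipaddress.ip_network(n) for n in (
    "172.20.1.0/24", "172.24.0.0/16", "172.22.0.0/16", "172.23.7.0/24",
    "172.27.1.0/24", "172.26.0.0/16", "172.20.40.0/24")]
WEB_PORTS = {80, 443}   # WebProtocols: HTTP and HTTPS
ANY = None              # wildcard for addresses and ports

# Rule layout: (action, protocol, src nets, src ports, dst nets, dst ports)
# As posted: the port group follows the source, so it is a SOURCE-port match.
POSTED = [
    ("permit", "tcp", SERVERS, WEB_PORTS, ANY, ANY),
    ("deny",   "tcp", ANY,     WEB_PORTS, ANY, ANY),
    ("permit", "ip",  ANY,     ANY,       ANY, ANY),
]
# Assumed correction: the port group follows the destination instead.
MOVED = [
    ("permit", "tcp", SERVERS, ANY, ANY, WEB_PORTS),
    ("deny",   "tcp", ANY,     ANY, ANY, WEB_PORTS),
    ("permit", "ip",  ANY,     ANY, ANY, ANY),
]

def net_match(nets, ip):
    return nets is ANY or any(ipaddress.ip_address(ip) in n for n in nets)

def port_match(ports, port):
    return ports is ANY or port in ports

def evaluate(acl, proto, src, sport, dst, dport):
    """Return (action, rule number) of the first matching rule."""
    for number, (action, r_proto, s_nets, s_ports, d_nets, d_ports) in enumerate(acl, 1):
        if r_proto not in ("ip", proto):
            continue
        if (net_match(s_nets, src) and port_match(s_ports, sport)
                and net_match(d_nets, dst) and port_match(d_ports, dport)):
            return action, number
    return "deny", 0  # implicit deny at the end of every ACL

if __name__ == "__main__":
    # Browser on 172.20.45.60 uses an ephemeral source port toward port 80.
    flow = ("tcp", "172.20.45.60", 51000, "198.51.100.10", 80)
    print("posted:", evaluate(POSTED, *flow))
    print("moved: ", evaluate(MOVED, *flow))
    print("server:", evaluate(MOVED, "tcp", "172.20.40.5", 51000, "198.51.100.10", 443))
```

In the posted order a browser's outbound connection never has source port 80 or 443, so it skips the first two rules and falls through to `permit ip any any`.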