ACL with NAT question

Answered Question
Feb 23rd, 2009

How can I deny access to specific websites using acl on a router with NAT with overload enabled? DNS and name server are enabled.

Currently I have

interface FastEthernet0/1

description connected to Internet

ip address 192.168.1.80 255.255.255.0

no ip redirects

ip nat outside

.

.

.

.

ip nat inside source list 1 interface FastEthernet0/1 overload

.

.

.

access-list 1 permit 10.10.10.0 0.0.0.255

access-list 1 permit 172.16.10.0 0.0.0.255

access-list 1 permit 172.16.0.0 0.0.0.255

access-list 1 permit 172.16.32.0 0.0.0.255

access-list 1 permit 172.16.64.0 0.0.0.255

Thanks in advance.

I have this problem too.
0 votes
Correct Answer by Jon Marshall about 7 years 10 months ago

Not sure what this has to do with NAT. It's more to do with simply applying an acl on the inside interface of your device blocking access to the specific websites - assuming you aren't using websense or some such thing eg.

access-list 101 deny tcp any host eq 80

etc.. for each website

access-list 101 permit ip any any

then on the interface connecting to your LAN

int fa0/0

ip access-group 101 in

Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
Jon Marshall Mon, 02/23/2009 - 14:00

Not sure what this has to do with NAT. It's more to do with simply applying an acl on the inside interface of your device blocking access to the specific websites - assuming you aren't using websense or some such thing eg.

access-list 101 deny tcp any host eq 80

etc.. for each website

access-list 101 permit ip any any

then on the interface connecting to your LAN

int fa0/0

ip access-group 101 in

Jon

Actions

This Discussion