ACL with NAT question

Answered Question
Feb 23rd, 2009
How can I deny access to specific websites using an ACL on a router with NAT with overload enabled? DNS and name server are enabled.


Currently I have:

interface FastEthernet0/1
 description connected to Internet
 ip address 192.168.1.80 255.255.255.0
 no ip redirects
 ip nat outside
.
.
.
.
ip nat inside source list 1 interface FastEthernet0/1 overload
.
.
.
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 permit 172.16.10.0 0.0.0.255
access-list 1 permit 172.16.0.0 0.0.0.255
access-list 1 permit 172.16.32.0 0.0.0.255
access-list 1 permit 172.16.64.0 0.0.0.255



Thanks in advance.

Correct Answer by Jon Marshall about 8 years 3 months ago

Overall Rating: 5 (2 ratings)
Correct Answer
Jon Marshall Mon, 02/23/2009 - 14:00

Not sure what this has to do with NAT. It's more to do with simply applying an ACL on the inside interface of your device blocking access to the specific websites - assuming you aren't using Websense or some such thing, e.g.

access-list 101 deny tcp any host <website-ip> eq 80
etc.. for each website
access-list 101 permit ip any any

then on the interface connecting to your LAN

int fa0/0
 ip access-group 101 in


Jon
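An added example, not part of the answer above or of the original thread: an inbound ACL on the inside interface is checked before the NAT translation takes place and matches destination addresses rather than names, so each website needs one deny entry per address it resolves to. The sketch below generates those entries from a name-to-address table; the hostnames, the RFC 5737 documentation addresses and the function names `build_acl` and `apply_inbound` are all constructed for illustration.

```python
import ipaddress

# Constructed sample data: made-up hostnames mapped to RFC 5737
# documentation addresses, standing in for the sites' real DNS answers.
SAMPLE_RECORDS = {
    "blocked-one.example": ["192.0.2.10", "192.0.2.11"],
    "blocked-two.example": ["198.51.100.7", "192.0.2.10"],  # shared address
}


def build_acl(records, acl_number=101, ports=(80,)):
    """Return extended-ACL lines: one deny per unique address and port,
    then the closing permit that keeps all other traffic flowing."""
    if not (100 <= acl_number <= 199 or 2000 <= acl_number <= 2699):
        raise ValueError("not an extended IP ACL number")
    lines, seen = [], set()
    for name in sorted(records):
        lines.append(f"access-list {acl_number} remark block {name}")
        for addr in records[name]:
            ip = ipaddress.IPv4Address(addr)  # ValueError on malformed input
            if ip in seen:  # two sites may share an address
                continue
            seen.add(ip)
            for port in ports:
                lines.append(
                    f"access-list {acl_number} deny tcp any host {ip} eq {port}"
                )
    # Without this line the implicit deny at the end of every ACL
    # would drop all traffic that did not match an entry above.
    lines.append(f"access-list {acl_number} permit ip any any")
    return lines


def apply_inbound(interface, acl_number=101):
    """Return the lines that bind the ACL inbound on the LAN-facing interface."""
    return [f"interface {interface}", f" ip access-group {acl_number} in"]


if __name__ == "__main__":
    # ports=(80, 443) also covers HTTPS, which a port-80 entry alone does not.
    for line in build_acl(SAMPLE_RECORDS, ports=(80, 443)):
        print(line)
    for line in apply_inbound("FastEthernet0/0"):
        print(line)
```

The address table has to be refreshed whenever a site's DNS records change, since the router only ever compares addresses.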
