ACL with PAT

Unanswered Question
Sep 29th, 2009
User Badges:

Dear All,

using the ASA 5510, how can I make an access list to be applied only on some client if they wants to open a specific website?

Now I have this ACL:

access-list testacl extended permit tcp 192.168.121.11 any

but this will be applied on ALL the traffic coming from the host 192.168.121.11, I want it to be applied only on this host only if he wanted to visit the website www.xyz.com ??

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Collin Clark Tue, 09/29/2009 - 05:35
User Badges:
  • Purple, 4500 points or more

You can adjust the ACL to fit that requirement. Deny the specified host first, then allow all others.


access-list testacl extended deny tcp host 192.168.121.11 host a.b.c.d eq 80

access-list testacl extended permit tcp host 192.168.121.11 any eq 80


Unfortunatly Cisco can not filter on a domain name in an ACL, so you must use the IP. You may have to block more than IP to block the site. You can block it by domain name if you use the Modular Policy Framework. If that is something you're interested in, just let us know.

Actions

This Discussion