ACL with PAT

Unanswered Question
Sep 29th, 2009
User Badges:

Dear All,

using the ASA 5510, how can I make an access list to be applied only on some client if they wants to open a specific website?

Now I have this ACL:

access-list testacl extended permit tcp any

but this will be applied on ALL the traffic coming from the host, I want it to be applied only on this host only if he wanted to visit the website ??

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Collin Clark Tue, 09/29/2009 - 05:35
User Badges:
  • Purple, 4500 points or more

You can adjust the ACL to fit that requirement. Deny the specified host first, then allow all others.

access-list testacl extended deny tcp host host a.b.c.d eq 80

access-list testacl extended permit tcp host any eq 80

Unfortunatly Cisco can not filter on a domain name in an ACL, so you must use the IP. You may have to block more than IP to block the site. You can block it by domain name if you use the Modular Policy Framework. If that is something you're interested in, just let us know.


This Discussion