Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACL with PAT

Dear All,

using the ASA 5510, how can I make an access list to be applied only on some client if they wants to open a specific website?

Now I have this ACL:

access-list testacl extended permit tcp any

but this will be applied on ALL the traffic coming from the host, I want it to be applied only on this host only if he wanted to visit the website ??


Re: ACL with PAT

You can adjust the ACL to fit that requirement. Deny the specified host first, then allow all others.

access-list testacl extended deny tcp host host a.b.c.d eq 80

access-list testacl extended permit tcp host any eq 80

Unfortunatly Cisco can not filter on a domain name in an ACL, so you must use the IP. You may have to block more than IP to block the site. You can block it by domain name if you use the Modular Policy Framework. If that is something you're interested in, just let us know.