Cisco Support Community
ASA with Message labs

I have an ASA device which allows the inside network unrestricted access to the internet. I would like to restrict access to only networks required for Message labs. When I try and apply the configuration I am losing all access to the internet even when using the message labs proxy software running on a PC on the inside. I also lose access to networks through a VPN tunnel.

I don't usually work with ASA devices so any help would be much appreciated.

The inside network is 192.168.228.0/24

The config for unrestricted internet access is:

access-list inside_access_in extended permit ip 192.168.228.0 255.255.255.0 any
access-group inside_access_in in interface inside

I am replacing with this, which breaks all outbound traffic to internet and also through VPN.

object-group network ALLOWED_INTERNET_SITES
 description Internet_sites_allowed
 network-object 216.82.240.0 255.255.240.0
 network-object 67.219.240.0 255.255.240.0
 network-object 85.158.136.0 255.255.248.0
 network-object 95.131.104.0 255.255.248.0
 network-object 46.226.48.0 255.255.248.0
 network-object 117.120.16.0 255.255.248.0
 network-object 193.109.254.0 255.255.254.0
 network-object 194.106.220.0 255.255.254.0
 network-object 195.245.230.0 255.255.254.0
 network-object 103.9.96.0 255.255.252.0
 network-object 203.183.222.96 255.255.255.224
 network-object 202.218.232.192 255.255.255.224
 network-object 203.116.194.128 255.255.255.224
object-group network ALLOWED-HOSTS
 description inside_hosts
 network-object 192.168.228.0 255.255.255.0
access-list OUTBOUND extended permit ip object-group ALLOWED-HOSTS object-group ALLOWED_INTERNET_SITES
access-group OUTBOUND in interface inside

I have attached a copy of the config when everything works but internet sites are unrestricted.
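The replacement access list from the post can be checked offline before it is applied. The following is an added example, not part of the original post: it parses only the syntax forms that appear in the post and evaluates flows first-match with the implicit deny that ends every ASA access list. The source host 192.168.228.10 and the three destinations are constructed sample values.

```python
import ipaddress

# Replacement config from the post, embedded so the example runs offline.
CONFIG = """\
object-group network ALLOWED_INTERNET_SITES
 network-object 216.82.240.0 255.255.240.0
 network-object 67.219.240.0 255.255.240.0
 network-object 85.158.136.0 255.255.248.0
 network-object 95.131.104.0 255.255.248.0
 network-object 46.226.48.0 255.255.248.0
 network-object 117.120.16.0 255.255.248.0
 network-object 193.109.254.0 255.255.254.0
 network-object 194.106.220.0 255.255.254.0
 network-object 195.245.230.0 255.255.254.0
 network-object 103.9.96.0 255.255.252.0
 network-object 203.183.222.96 255.255.255.224
 network-object 202.218.232.192 255.255.255.224
 network-object 203.116.194.128 255.255.255.224
object-group network ALLOWED-HOSTS
 network-object 192.168.228.0 255.255.255.0
access-list OUTBOUND extended permit ip object-group ALLOWED-HOSTS object-group ALLOWED_INTERNET_SITES
"""

def parse(config):
    # Returns [(action, source_networks, destination_networks), ...] in ACL order.
    groups, rules, current = {}, [], None
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["object-group", "network"]:
            current = groups.setdefault(tok[2], [])
        elif tok[:1] == ["network-object"]:
            current.append(ipaddress.ip_network(f"{tok[1]}/{tok[2]}"))
        elif tok[:1] == ["access-list"]:
            # Only the form used in the post: <action> ip object-group SRC object-group DST
            rules.append((tok[3], groups[tok[6]], groups[tok[8]]))
    return rules

def verdict(rules, src, dst):
    # First matching entry wins; anything unmatched hits the implicit deny.
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, srcs, dsts in rules:
        if any(s in n for n in srcs) and any(d in n for n in dsts):
            return action
    return "deny"

RULES = parse(CONFIG)
# Constructed destinations (assumptions): in-range host, host behind a VPN tunnel, outside DNS resolver.
for dst in ("216.82.241.5", "10.20.30.40", "198.51.100.53"):
    print(dst, verdict(RULES, "192.168.228.10", dst))
```

Because the access list is bound inbound on the inside interface, every flow entering from the inside network is evaluated against it, including traffic headed for a VPN tunnel.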