Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ASA5510: How to block just certain inside hosts to access internet?

I have ASA5510 set up. By using NAT, the inside hosts can access internet. If I want to just block certain hosts, for example (ip: 192.168.1.112) to access internet. How do I do it?

1 REPLY
Green

Re: ASA5510: How to block just certain inside hosts to access in

This would do it..

access-list inside deny tcp host 192.168.1.112 any eq 80

access-list inside deny tcp host 192.168.1.112 any eq 443

access-list inside permit ip any any

access-group inside in interface inside

That would prevent all web browsing, of course if you wanted to prevent any access to the internet...

access-list inside deny ip host 192.168.1.112 any

access-list inside permit ip any any

access-group inside in interface inside

Please rate helpful posts.

240
Views
8
Helpful
1
Replies
CreatePlease to create content