12-21-2011 04:13 AM - edited 03-11-2019 03:04 PM
Hello
We need to block one user from browsing internet and allow all others. For now I only have ACL on the outside interface.
The user is behind the Firewall ( i.e LAN )
Current setup allows all users to browse internet.
appreicate some help
thanks
Anthony
Solved! Go to Solution.
12-21-2011 04:30 AM
Right on the money - that will do it. Just make sure the user will ALWAYS be 172.20.20.1 - if he changes, he will bypass the ACL.
HTH>
12-21-2011 04:19 AM
Create another ACL for the "Inside" to deny the specific host and permit all else.
12-21-2011 04:24 AM
Hello Andrew
Are these entries correct
access-list INSIDE extended deny tcp host 172.20.20.1 any eq http
access-list INSIDE extended permit ip any any
access-group INSIDE in interface inside
thanks
Anthony
12-21-2011 04:30 AM
Right on the money - that will do it. Just make sure the user will ALWAYS be 172.20.20.1 - if he changes, he will bypass the ACL.
HTH>
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide