Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
460
Views
5
Helpful
3
Replies

blocking http for user

Go to solution
anthony.dyne
Level 1
Level 1

‎12-21-2011 04:13 AM - edited ‎03-11-2019 03:04 PM

Hello

We need to block one user from browsing internet and allow all others. For now I only have ACL on the outside interface.

The user is behind the Firewall ( i.e LAN )

Current setup allows all users to browse internet.

appreicate some help

thanks

Anthony

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
andrew.prince
Level 10
Level 10
In response to anthony.dyne

‎12-21-2011 04:30 AM

Right on the money - that will do it.  Just make sure the user will ALWAYS be 172.20.20.1 - if he changes, he will bypass the ACL.

HTH>

View solution in original post

0 Helpful
3 Replies 3

Go to solution
andrew.prince
Level 10
Level 10

‎12-21-2011 04:19 AM

Create another ACL for the "Inside" to deny the specific host and permit all else.

0 Helpful

Go to solution
anthony.dyne
Level 1
Level 1
In response to andrew.prince

‎12-21-2011 04:24 AM

Hello Andrew

Are these entries correct

access-list INSIDE extended deny tcp host 172.20.20.1 any eq http

access-list INSIDE extended permit ip any any

access-group INSIDE in interface inside

thanks

Anthony

Go to solution
andrew.prince
Level 10
Level 10
In response to anthony.dyne

‎12-21-2011 04:30 AM

Right on the money - that will do it.  Just make sure the user will ALWAYS be 172.20.20.1 - if he changes, he will bypass the ACL.

HTH>

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card