Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Command(s) to block internet access to LAN host

All: ASA 5510 running 9.4

What arethe commands I need to issue in order to create rules that block an internal host completely from internet access, and restrict it to just LAN traffic?

Thanks,

-Rob

3 REPLIES
Hall of Fame Super Blue

Command(s) to block internet access to LAN host

Rob

Is the internal LAN being routed on the firewall or do you have a L3 switch for example.

Do you have multiple vlans are are you using subninterfaces etc.

We need to know how the internal LAN is setup in relation to the ASA.

Jon

Community Member

Command(s) to block internet access to LAN host

Yes, internal LAN is being routed on the firewall. It is a very simple class C (192.168.0.x)

No VLANs at this time, no subinterfaces.

Also, just want to confirm that this will just restrict access out to the internet, I still want internal hosts to be able to reach this IP, and I want to be able to access it with a VPN session running from the outside.

Thank you,

-Rob

Community Member

Re: Command(s) to block internet access to LAN host

Honestly you may just want to create a separate nameif/interface and IP network for this host. That way you can just use an ACL to block everything aside from internal connections to/from that host on the specific nameif.

It'll be similar to a DMZ.

370
Views
0
Helpful
3
Replies
CreatePlease to create content