Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

How to Block users from accessing Internet

Hello all,

I am having ASA 5510. I want to block access to internet for all my LAN Users.

How can i do this?

4 REPLIES
Cisco Employee

Re: How to Block users from accessing Internet

You can create an access-list on the inside interface/interface where the users are connected to to block access to the Internet.

What traffic do you want to block the users from the Internet? all traffic? or only web traffic?

New Member

Re: How to Block users from accessing Internet

Hi,

Thanks for reply.

I want to block internet surfing. Only want google to open nothing else.

how to do this?

Cisco Employee

Re: How to Block users from accessing Internet

In that case, if you only want to allow google, then you would need to configure MPF (Modular Policy Framework) with regex.

Here is a sample configuration for your reference:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml

You would need to tweak the config as the example is to drop/block access to specific website, but in your case, you would like to allow access to specific website.

Hope that helps.

Cisco Employee

Re: How to Block users from accessing Internet

http://supportforums.cisco.com/docs/DOC-1268#Allow_only_ciscocom will give you the config you want.

And it is

regex allowex2 "google\.com"

class-map type inspect http match-all allow-url-class
match not request header host regex allowex2

policy-map type inspect http allow-url-policy
parameters
class allow-url-class
  drop-connection log
policy-map global_policy
class inspection_default
  inspect http allow-url-policy

service-policy global_policy global

that will do. Let us know that it fixed your issue.

PK

225
Views
0
Helpful
4
Replies
CreatePlease to create content