
New Member

Outbound ACL problem on ASA5505

Here's an easy one for all you veterans. I'm new to firewalling and had an outbound access-list problem. If I wanted to block one of my workstations on the inside with IP address 192.168.x.x from reaching a specific external host (like a website), what would my syntax look like?

So far I have tried this:

access-list acl_out extended deny tcp host 192.168.x.x host x.x.x.x interface outside eq www

access-group acl_out out interface outside

I do these commands but then it just blocks everything on the inside from reaching the net. Can you help?

6 REPLIES

Re: Outbound ACL problem on ASA5505

remove the above ACLs

do it as follows

access-list 100 deny tcp host 192.168.x.x host x.x.x.x eq www

access-list 100 permit ip any any

access-group 100 in interface inside

this is based on ip address

and if you want to block it for a specific website by name, not ip, u have to use class-map, policy map with regex, a bit more complex

but for the ip based blocking do as i told u

and u got denied because there is an implicit deny after each acl so u need to put the permit any any at the end

don't forget, always when u block, make the blocking as close to the source as possible, so apply the ACL on the inside interface in the inbound direction

good luck

Rate if helpful

Re: Outbound ACL problem on ASA5505

Hi,

Try this :-

access-list acl_out deny tcp host 192.168.x.x host x.x.x.x eq www

access-group acl_out in interface inside

** Also make sure that this ACL is above the other ACL statements which are allowing the entire subnet to go to Outside.
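The implicit deny and statement ordering described in the two replies above can be modelled with a small first-match evaluator. This is an added example, not part of the thread and not Cisco code; the parser handles only the ACE forms quoted here, and the concrete addresses are constructed placeholders.

```python
import ipaddress

PORTS = {"www": 80}  # named ports needed for this thread's ACEs

def _addr(tokens):
    """Consume 'any' or 'host A.B.C.D'; return (address or None, remaining tokens)."""
    if tokens[0] == "any":
        return None, tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_address(tokens[1]), tokens[2:]
    raise ValueError(f"unsupported address form: {tokens[0]}")

def parse_ace(line):
    """Parse 'access-list NAME [extended] permit|deny PROTO SRC DST [eq PORT]'."""
    t = line.split()[2:]                      # drop 'access-list NAME'
    if t[0] == "extended":
        t = t[1:]
    action, proto = t[0], t[1]
    src, rest = _addr(t[2:])
    dst, rest = _addr(rest)
    port = None
    if rest:
        if rest[0] != "eq":
            raise ValueError(f"unsupported operator: {rest[0]}")
        port = PORTS[rest[1]] if rest[1] in PORTS else int(rest[1])
    return {"action": action, "proto": proto, "src": src, "dst": dst, "port": port}

def evaluate(acl, proto, src, dst, dport):
    """Return the action of the first matching ACE, else 'implicit-deny'."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for ace in map(parse_ace, acl):
        if (ace["proto"] in ("ip", proto) and ace["src"] in (None, src)
                and ace["dst"] in (None, dst) and ace["port"] in (None, dport)):
            return ace["action"]              # first match wins, later lines never run
    return "implicit-deny"                    # nothing matched: dropped by default

# Constructed sample addresses (private and documentation ranges), not from the thread.
PC, OTHER_PC = "192.168.1.50", "192.168.1.60"
SITE, OTHER_SITE = "203.0.113.10", "198.51.100.7"

DENY_ONLY = [f"access-list acl_out extended deny tcp host {PC} host {SITE} eq www"]
FIXED = [f"access-list 100 deny tcp host {PC} host {SITE} eq www",
         "access-list 100 permit ip any any"]
WRONG_ORDER = list(reversed(FIXED))

if __name__ == "__main__":
    for name, acl in (("deny only", DENY_ONLY), ("fixed", FIXED), ("wrong order", WRONG_ORDER)):
        print(name, evaluate(acl, "tcp", PC, SITE, 80),
              evaluate(acl, "tcp", OTHER_PC, OTHER_SITE, 80))
```

With only the deny line, every other flow falls through to the implicit deny; with the permit placed first, the deny line is never reached.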

Re: Outbound ACL problem on ASA5505

did u get it to work?

New Member

Re: Outbound ACL problem on ASA5505

I have not been able to try it out yet, I will perform the change after business hours tonight and try to respond afterwards. Thank you all for your suggestions!

New Member

Re: Outbound ACL problem on ASA5505

Well it would appear that your thoughtful comments have paid off. I understand what was wrong. The acl you provided worked great and everything is up and running. Thanks again!

Re: Outbound ACL problem on ASA5505

i am glad it's working :)

please, rate the helpful post
