Cisco Support Community

New Member

Restricting LAN Internet Access

Hi There,

My setup is basically


off the switch I have multiple LANS

of which I only want one segment to be able to get out totally unrestricted.

With the basic implied rule I can get out to the internet fine and dandy. But when I try to restrict it to one LAN I lose my ability to surf.

The ACL I am trying to use is.

access-list INSIDE permit ip any

access-group INSIDE in interface inside

I would think this would allow the LAN out but I am no longer able to surf once it's applied. I am new to the PIX, so I am sure it is something simple I am missing.



Hall of Fame Super Blue

Re: Restricting LAN Internet Access


Could you clarify? Are you saying that users on the network can no longer access the internet, or is it the users on other LANs?

Remember that there is an implicit deny on the end of any access-list so that access-list you have applied will allow users unrestricted access out but will deny any other users getting out at all.


New Member

Re: Restricting LAN Internet Access

Hi sorry

The problem is that when I add the rule above, I lose all access from my network. I was expecting to lose access in other subnets, but I don't know why loses it too. From what I understand the rule should allow to do what it wants.

Thanks Concrete


Re: Restricting LAN Internet Access would not be included in a typo on your part

New Member

Re: Restricting LAN Internet Access

Yah sorry, it was a typo. Anywho I figured it out, it took a while to clue in that the internal DNS wasn't going to be able to get out with the new rule. So I just had to allow access out for it as well.

Thanks for all your help
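The outcome of this thread, modelled as an added example (not code from any poster): a small first-match evaluator for PIX-style `access-list` lines with the implicit deny, showing why permitting only one LAN also stops name resolution, and that a DNS permit restores it. All addresses are constructed, and it is an assumption that the internal DNS server sits on a different subnet from the permitted LAN; only protocol, source, destination and `eq <port>` are modelled.

```python
import ipaddress

def parse_ace(line):
    """Parse 'access-list NAME permit|deny PROTO SRC DST [eq PORT]' (netmask style)."""
    tok = line.split()[2:]                # drop 'access-list NAME'
    action, proto, rest = tok[0], tok[1], tok[2:]

    def take_addr():
        word = rest.pop(0)
        if word == "any":
            return ipaddress.ip_network("0.0.0.0/0")
        if word == "host":
            return ipaddress.ip_network(rest.pop(0) + "/32")
        return ipaddress.ip_network(f"{word}/{rest.pop(0)}")  # address + netmask

    src, dst = take_addr(), take_addr()
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return action, proto, src, dst, port

def evaluate(acl, proto, src, dst, dport):
    """First matching entry wins; a packet matching nothing hits the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, a_proto, a_src, a_dst, a_port in map(parse_ace, acl):
        if a_proto not in ("ip", proto):
            continue
        if s in a_src and d in a_dst and a_port in (None, dport):
            return action
    return "deny"  # implicit deny at the end of every access-list

# Constructed addresses: permitted LAN 192.168.10.0/24, internal DNS 192.168.20.5.
ALLOWED_LAN_ONLY = ["access-list INSIDE permit ip 192.168.10.0 255.255.255.0 any"]
WITH_DNS = ALLOWED_LAN_ONLY + [
    "access-list INSIDE permit udp host 192.168.20.5 any eq 53",
    "access-list INSIDE permit tcp host 192.168.20.5 any eq 53",
]

def outbound_report(acl):
    """Verdicts for three constructed outbound flows arriving on the inside interface."""
    return {
        "lan_http": evaluate(acl, "tcp", "192.168.10.25", "203.0.113.80", 80),
        "dns_forward": evaluate(acl, "udp", "192.168.20.5", "198.51.100.53", 53),
        "other_lan_http": evaluate(acl, "tcp", "192.168.30.7", "203.0.113.80", 80),
    }

if __name__ == "__main__":
    for name, acl in (("LAN only", ALLOWED_LAN_ONLY), ("LAN + DNS", WITH_DNS)):
        print(name, outbound_report(acl))
```

With the first list the permitted LAN's web traffic passes but the DNS server's upstream queries are dropped, so browsing by name still fails; the second list opens only port 53 for that one host and leaves every other subnet denied.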

