Cisco Support Community

New Member

Firewall Config - Block access to the internet

What command would I use to block all internal access from a LAN, from reaching the internet?

Thanks

4 REPLIES

Re: Firewall Config - Block access to the internet

Shut the interface / remove the nat or global / specifically deny the protocols you want blocked / remove the default route. There are many different ways; if you provide more info, maybe we can give a more detailed solution.

HTH and please rate.

New Member

Re: Firewall Config - Block access to the internet

Let's say, for example, that we still want traffic to flow to another LAN (WAN communication). So I just want to block internet access from all users on the one LAN.

Hall of Fame Super Blue

Re: Firewall Config - Block access to the internet

Hi

Well there are a number of ways to do it. One way -

local LAN 192.168.1.0/24

remote LAN 172.16.5.0/24

access-list acl_inside permit ip 192.168.1.0 255.255.255.0 172.16.5.0 255.255.255.0

access-list acl_inside deny ip 192.168.1.0 255.255.255.0 any

access-group acl_inside in interface inside

Couple of things to be aware of.

1) There is an explicit deny at the end of the access-list so if you have other networks you want to allow access to/from you need to include them in your access-list.

2) I'm assuming this is a PIX firewall - is this the case?

HTH

Jon

New Member

Re: Firewall Config - Block access to the internet

Thanks a lot.

Yes, the firewall is a PIX.
