07-10-2006 05:47 AM - edited 02-20-2020 09:37 PM
If you would like to be able to permit some computers to access only 1 website could you do it through an access list?
The thinking was as follows:
access-list 100 permit (internal static address) (external address)
access-list 100 deny (internal static address) any
- - repeat above two lines for additional internal addresses for access list 100
access-list 100 permit any any
Then apply this to the ethernet interface.
Will this work? Is there a better way to accomplish this?
Many thanks in advance for any assistance.
07-10-2006 06:27 AM
This ACL is more secure given your requirements.
access-list 100 permit tcp host w.x.y.z host a.b.c.d eq www
access-list 100 deny ip host w.x.y.z any
- - repeat above two lines for additional internal addresses for access list 100
access-list 100 permit ip any any
where
w.x.y.z = internal hosts
a.b.c.d = external web server
This ACL would only allow internal hosts defined to have web access to the one web server (no other services) and allow all other hosts all access.
Hope this helps! If so, please rate.
Thanks
07-10-2006 06:29 AM
H
07-10-2006 10:03 AM
Thanks for the response. If there is currently no ACL on the Ethernet interface, is that interface open without an ACL? If so, I would think the "access-list 100 permit ip any any" puts back the access for everyone else. Is that correct?
07-10-2006 12:45 PM
If there is no ACL on an interface then in essence it is permit ip any any.
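Added example (not part of the original thread or any poster's code): a small Python model of first-match ACL evaluation, run against the ACL from the reply above, showing why the final "permit ip any any" is needed once an ACL is applied. The host and server addresses are constructed samples, the function names are hypothetical, and the model assumes the ACL is applied inbound on the inside interface and ignores return traffic.

```python
import ipaddress

# Constructed sample addresses (assumptions, not from the thread):
# two restricted internal hosts and the single permitted web server.
RESTRICTED = ["192.168.1.10", "192.168.1.11"]
WEB_SERVER = "203.0.113.80"


def build_acl(restricted, web_server, final_permit=True):
    """Build the reply's ACL as ordered (action, proto, src, dst, dport) rules."""
    acl = []
    for host in restricted:
        # access-list 100 permit tcp host w.x.y.z host a.b.c.d eq www
        acl.append(("permit", "tcp", host, web_server, 80))
        # access-list 100 deny ip host w.x.y.z any
        acl.append(("deny", "ip", host, "any", None))
    if final_permit:
        # access-list 100 permit ip any any
        acl.append(("permit", "ip", "any", "any", None))
    return acl


def _addr_match(rule_addr, addr):
    """A rule address is either the keyword 'any' or a single host."""
    if rule_addr == "any":
        return True
    return ipaddress.ip_address(rule_addr) == ipaddress.ip_address(addr)


def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching rule, top to bottom."""
    for action, r_proto, r_src, r_dst, r_dport in acl:
        if r_proto != "ip" and r_proto != proto:
            continue  # 'ip' matches every protocol; otherwise must be equal
        if not (_addr_match(r_src, src) and _addr_match(r_dst, dst)):
            continue
        if r_dport is not None and r_dport != dport:
            continue
        return action
    # Every applied ACL ends with an implicit "deny ip any any".
    return "deny"


if __name__ == "__main__":
    acl = build_acl(RESTRICTED, WEB_SERVER)
    print(evaluate(acl, "tcp", "192.168.1.10", WEB_SERVER, 80))     # restricted host, web
    print(evaluate(acl, "tcp", "192.168.1.10", "198.51.100.5", 80)) # restricted host, other site
    print(evaluate(acl, "tcp", "192.168.1.50", "198.51.100.5", 22)) # unrestricted host
```

Calling `build_acl(..., final_permit=False)` shows the effect of leaving out the last line: hosts that are not listed fall through to the implicit deny and lose all access.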
07-11-2006 01:28 AM
I am quite new to Cisco firewalls, but I have previous experience with other firewalls. At the moment I am using ASDM 5.0 for PIX to configure Access "Lists".
If you go to:
Configuration > Features > Building Blocks > Hosts/Networks
Create Hosts in there. Then go to:
Configuration > Features > Building Blocks > Hosts/Networks Groups
And create two groups, say Servers and Users. Then add hosts (PCs) to a particular group. Go to:
Configuration > Features > Security Policy
and give different access for these groups under the same interface.