Access List Question

netwrkadm
Level 1

If you would like to be able to permit some computers to access only 1 website, could you do it through an access list?

The thinking was as follows:

access-list 100 permit (internal static address) (external address)

access-list 100 deny (internal static address) any

- - repeat above two lines for additional internal addresses for access list 100

access-list 100 permit any any

Then apply this to the ethernet interface.

Will this work? Is there a better way to accomplish this?

Many thanks in advance for any assistance.

5 Replies

hemendoz
Cisco Employee

This ACL is more secure given your requirements.

access-list 100 permit tcp host w.x.y.z host a.b.c.d eq www

access-list 100 deny ip host w.x.y.z any

- - repeat above two lines for additional internal addresses for access list 100

access-list 100 permit ip any any

where

w.x.y.z = internal hosts

a.b.c.d = external web server

This ACL would only allow the internal hosts defined to have web access to the one web server (no other services) and allow all other hosts all access.

Hope this helps! If so, please rate.

Thanks

H

Thanks for the response. If there is currently no ACL on the Ethernet interface, is that interface open without an ACL? If so, I would think the "access-list 100 permit ip any any" puts back the access for everyone else. Is that correct?

If there is no ACL on an interface then in essence it is permit ip any any.
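Added example, not part of the thread or any participant's post: a small Python model of first-match ACL evaluation, run against the ACL from the reply above. The addresses are constructed documentation-range stand-ins for w.x.y.z and a.b.c.d, the parser handles only the `host`/`any` and `eq` forms used in this thread, and `parse_ace` and `evaluate` are hypothetical helper names.

```python
import ipaddress

# Constructed sample addresses standing in for w.x.y.z and a.b.c.d.
RESTRICTED_HOST = "192.0.2.10"
WEB_SERVER = "198.51.100.80"

ACL_100 = [
    f"access-list 100 permit tcp host {RESTRICTED_HOST} host {WEB_SERVER} eq www",
    f"access-list 100 deny ip host {RESTRICTED_HOST} any",
    "access-list 100 permit ip any any",
]

def _take_addr(tokens):
    """Consume 'any' or 'host A.B.C.D'; return (address or None, remaining tokens)."""
    if tokens[0] == "any":
        return None, tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_address(tokens[1]), tokens[2:]
    raise ValueError(f"unsupported address form: {tokens[0]}")

def parse_ace(line):
    """Parse 'access-list N permit|deny proto src dst [eq port]'."""
    tok = line.split()
    action, proto = tok[2], tok[3]
    src, rest = _take_addr(tok[4:])
    dst, rest = _take_addr(rest)
    port = None
    if rest[:1] == ["eq"]:
        port = 80 if rest[1] == "www" else int(rest[1])
    return action, proto, src, dst, port

def evaluate(acl, proto, src, dst, dport=None):
    """Return 'permit' or 'deny' for one packet. acl=None models no ACL applied."""
    if acl is None:
        return "permit"  # no ACL on the interface: everything passes
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl:
        action, a_proto, a_src, a_dst, a_port = parse_ace(line)
        if a_proto not in ("ip", proto):
            continue
        if a_src is not None and a_src != src:
            continue
        if a_dst is not None and a_dst != dst:
            continue
        if a_port is not None and a_port != dport:
            continue
        return action  # first matching entry wins; later lines are not consulted
    return "deny"  # implicit deny at the end of every applied ACL
```

Dropping the final `permit ip any any` line makes every other host fall through to the implicit deny, and swapping the first two lines blocks the restricted host from the web server as well, because the `deny` entry matches first.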

PD-cisco2
Level 1

I am quite new to Cisco firewalls, but I have previous experience with other firewalls. At the moment I am using ASDM 5.0 for PIX to configure Access "Lists".

If you go to:

Configuration > Features > Building Blocks > Hosts/Networks

Create Hosts in there. Then go to:

Configuration > Features > Building Blocks > Hosts/Networks Groups

And create two groups, say Servers and Users. Then add hosts (PCs) to a particular group. Go to:

Configuration > Features > Security Policy

and give different access for these groups under the same interface.