Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Conduit Statement to block an internal host from accessing all Web traffic

I want to block a internal host from downloading and accessing all traffic from the internet.

4 REPLIES
Silver

Re: Conduit Statement to block an internal host from accessing a

conduits are for outside - inside.

time to start learning about access control lists. you can bind ACLs to the inside interface

access-list insideout deny tcp host host.ip.addr.here any eq 80

access-list insideout permit ip any any

access-group insideout in interface inside

that should do it

New Member

Re: Conduit Statement to block an internal host from accessing a

Thanks for your reponse, unfortunatly our firewall is still using conduits.

Could you please help me with denying a host on the inside from getting out.

Re: Conduit Statement to block an internal host from accessing a

Actually, conduits work for permitting or denying traffic both inbound and outbound. Give this a shot and see if it helps:

conduit deny ip any host

Scott

Silver

Re: Conduit Statement to block an internal host from accessing a

Hi Graig,

Just a usefull tip here:

Why don´t you take a look at Cisco´s Output Interpreter (available on CCO). This tool provides an easy way for migrating your conduit config into access-list config.

Allthough conduits work fine, Cisco has announced that future versions will not support them anymore (I think from version 7 and higher conduits will not be supported anymore).

So, maybe my post is a bit off topic, but I would really advise you to consider changing into access-lists (like the other guy mentioned before)

Kind regards,

Leo

99
Views
0
Helpful
4
Replies