New Member

Controlling outbound access

Is there an IOS command or a PIX command that allows you to block outgoing access to the Internet from LAN users by MAC address? I am trying to allow only certain users access to the Internet while blocking others. The only way I know how is to use static addresses and not put their IPs in a NAT pool. I would like to stay with DHCP.

Thanks

4 REPLIES
New Member

Re: Controlling outbound access

Another option you might want to consider is to use the authentication feature of the firewall. Only authenticated users can access the Internet.

New Member

Re: Controlling outbound access

Authentication Method, can you point me in a direction on how to use that?

New Member

Re: Controlling outbound access

Sure, you need to set up either TACACS+ or RADIUS authentication servers. With one of these servers in place, you configure the PIX firewall to authenticate users who would like to use http for web access. The PIX intercepts the user's http request, sends a username/password challenge back to the user and waits for the user to provide the PIX with his/her credentials. The PIX will verify the username/password by forwarding the information to the authentication server. If allowed, the http request will be forwarded as requested and the user can access the Internet for a certain time (you set the idle and/or absolute timeouts). Users who are not authenticated cannot use the Internet.
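
A configuration sketch of the setup described in the reply above, added here as an example and not posted by anyone in the thread. It assumes PIX 6.x command syntax; the server group name `AuthOutbound`, the server address `10.1.1.10`, the key and the timeout values are placeholders.

```cisco
: Added example. Names, addresses, key and timers below are placeholders.

: Define the AAA server group and the protocol it speaks
: (use "radius" instead of "tacacs+" for a RADIUS server).
aaa-server AuthOutbound protocol tacacs+

: Point the group at the authentication server reachable via the inside
: interface; the shared key must match the key configured on the server.
aaa-server AuthOutbound (inside) host 10.1.1.10 REPLACE_WITH_SHARED_KEY timeout 10

: Require authentication for HTTP sessions that originate on the inside
: interface, from any local address to any destination.
aaa authentication include http inside 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 AuthOutbound

: How long an authenticated user stays authorized:
: absolute   = re-authenticate after this long regardless of activity
: inactivity = re-authenticate after this much idle time (must be shorter)
timeout uauth 3:00:00 absolute
timeout uauth 0:30:00 inactivity
```

Authorization is tracked per source IP address, so with DHCP a lease that moves to another machine inside the uauth window inherits the access; keep the timers short relative to the lease time. Authenticated sessions can be listed with `show uauth` and cleared with `clear uauth`.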

New Member

Re: Controlling outbound access

Thanks for the info.
