Cisco Support Community
New Member

secure http only on outside interface

Hello,

Can anyone help me with this?

I have 1 192.168.1.0 that only needs access to external http/s browsing on two machines, 192.168.1.30 and 60.

What's the most secure configuration that I can make to allow only http?

Thanks

2 REPLIES
New Member

Re: secure http only on outside interface

access-list inside_out permit tcp host 192.168.1.30 any eq https

access-list inside_out permit tcp host 192.168.1.60 any eq https

access-list inside_out deny ip any any

access-group inside_out in interface inside

Gold

Re: secure http only on outside interface

access-list outbound permit tcp host 192.168.1.30 any eq https

access-list outbound permit tcp host 192.168.1.60 any eq https

access-list outbound permit udp any any eq domain

access-group outbound in interface inside

The last entry, "permit udp any any eq domain", is required as you need to do DNS for internet browsing. Further, by default there is an implicit deny all at the end of every ACL (i.e. optional). You would only apply this entry for troubleshooting/monitoring purposes.
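To compare the two ACLs posted above, here is an added example (not part of either reply, and not Cisco code) that evaluates them with a simplified first-match model ending in the implicit deny. The function names, the `www` keyword entry and the sample flows with their destination addresses are assumptions made for the illustration.

```python
import ipaddress

# Port keywords from the thread's ACL lines; 'www' is added for the HTTP test flow.
PORTS = {"https": 443, "www": 80, "domain": 53}

def parse_ace(line):
    """Parse 'access-list NAME permit|deny PROTO SRC DST [eq PORT]'."""
    tok = line.split()
    action, proto, rest = tok[2], tok[3], tok[4:]
    def take_addr(t):
        if t[0] == "any":
            return ipaddress.ip_network("0.0.0.0/0"), t[1:]
        return ipaddress.ip_network(t[1] + "/32"), t[2:]  # 'host A.B.C.D'
    src, rest = take_addr(rest)
    dst, rest = take_addr(rest)
    port = PORTS[rest[1]] if rest[:1] == ["eq"] else None
    return action, proto, src, dst, port

def evaluate(acl, proto, src, dst, dport):
    """First matching entry wins; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, p, snet, dnet, port in map(parse_ace, acl):
        if p in ("ip", proto) and s in snet and d in dnet and port in (None, dport):
            return action
    return "deny"  # implicit deny at the end of every ACL

FIRST_REPLY = [
    "access-list inside_out permit tcp host 192.168.1.30 any eq https",
    "access-list inside_out permit tcp host 192.168.1.60 any eq https",
    "access-list inside_out deny ip any any",
]
SECOND_REPLY = [
    "access-list outbound permit tcp host 192.168.1.30 any eq https",
    "access-list outbound permit tcp host 192.168.1.60 any eq https",
    "access-list outbound permit udp any any eq domain",
]
# Constructed test flows; the 203.0.113.x / 198.51.100.x destinations are placeholders.
FLOWS = {
    "https_from_30": ("tcp", "192.168.1.30", "203.0.113.10", 443),
    "dns_from_30": ("udp", "192.168.1.30", "198.51.100.53", 53),
    "http_from_60": ("tcp", "192.168.1.60", "203.0.113.10", 80),
    "dns_from_40": ("udp", "192.168.1.40", "198.51.100.53", 53),
}

def verdicts(acl):
    return {name: evaluate(acl, *flow) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    print(verdicts(FIRST_REPLY), verdicts(SECOND_REPLY), sep="\n")
```

In this model HTTP on port 80 is denied by both ACLs, and the second ACL's DNS entry matches any inside host, not only .30 and .60.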
