https://community.cisco.com/t5/network-security/restricting-lan-internet-acess/m-p/656726#M1028462 <HTML><HEAD></HEAD><BODY><P>10.9.3.11 would not be included in 10.9.11.0/24...maybe a typo on your part</P></BODY></HTML> Fri, 19 Jan 2007 18:54:17 GMT acomiskey 2007-01-19T18:54:17Z https://community.cisco.com/t5/network-security/restricting-lan-internet-acess/m-p/656723#M1028459 <P>Hi There,</P><P></P><P>My set up is bassically</P><P>internet-router-PIX-router-switch</P><P>off the switch I have multiple LANS</P><P>of which I only want one segment to be able to get out totaly unrestricted.</P><P></P><P>With the basic implied rule I can get out to the internet fien and dandy. But when i try to restrict it to one LAN I lose my ability to surf.</P><P>The ACL I am trying to use is.</P><P></P><P>access-list INSIDE permit ip 10.9.11.0 255.255.255.0 any </P><P>access-group INSIDE in interface inside</P><P></P><P>I would think this would allow the LAN out but I am no longer able to surf once it's applied. I am new to the PIX, so i am sure it is something simple I am missing.</P><P></P><P>Thanks</P><P>Concrete</P><P></P> Mon, 11 Mar 2019 09:22:06 GMT https://community.cisco.com/t5/network-security/restricting-lan-internet-acess/m-p/656723#M1028459 Concrete_ 2019-03-11T09:22:06Z https://community.cisco.com/t5/network-security/restricting-lan-internet-acess/m-p/656724#M1028460 <HTML><HEAD></HEAD><BODY><P>Hi </P><P></P><P>Could you clarify. Are you saying that users on the 10.9.11.0/24 network can no longer access the internet or is it the users on other lans. </P><P></P><P>Remember that there is an implicit deny on the end of any access-list so that access-list you have applied will allow 10.9.11.0/24 users unrestricted access out but will deny any other users getting out at all. </P><P></P><P>HTH </P></BODY></HTML> Fri, 19 Jan 2007 17:21:37 GMT https://community.cisco.com/t5/network-security/restricting-lan-internet-acess/m-p/656724#M1028460 Jon Marshall 2007-01-19T17:21:37Z https://community.cisco.com/t5/network-security/restricting-lan-internet-acess/m-p/656725#M1028461 <HTML><HEAD></HEAD><BODY><P>Hi sorry</P><P></P><P>The problem is that when I add the rule above, I lose all access from my 10.9.11.0/24 network. I was expecting to lose access in other subnets, but I don't know why 10.9.3.11 loses it to. From what I understand the rule should allow 10.9.11.0/24 to do what it wants.</P><P></P><P>Thanks Concrete</P></BODY></HTML> Fri, 19 Jan 2007 18:03:17 GMT https://community.cisco.com/t5/network-security/restricting-lan-internet-acess/m-p/656725#M1028461 Concrete_ 2007-01-19T18:03:17Z https://community.cisco.com/t5/network-security/restricting-lan-internet-acess/m-p/656726#M1028462 <HTML><HEAD></HEAD><BODY><P>10.9.3.11 would not be included in 10.9.11.0/24...maybe a typo on your part</P></BODY></HTML> Fri, 19 Jan 2007 18:54:17 GMT https://community.cisco.com/t5/network-security/restricting-lan-internet-acess/m-p/656726#M1028462 acomiskey 2007-01-19T18:54:17Z https://community.cisco.com/t5/network-security/restricting-lan-internet-acess/m-p/656727#M1028463 <HTML><HEAD></HEAD><BODY><P>Yah sorry, it was a typo. Anywho I figured it out, it tooks a while to clue in that the internal DNS wasn't going to be able to get out with the new rule. So I just had to allow access out for it as well. </P><P></P><P>Thanks for all your help </P><P>Concrete </P></BODY></HTML> Fri, 19 Jan 2007 19:22:38 GMT https://community.cisco.com/t5/network-security/restricting-lan-internet-acess/m-p/656727#M1028463 Concrete_ 2007-01-19T19:22:38Z