https://community.cisco.com/t5/network-security/block-internet-on-one-device/m-p/4290784#M1078428 <P>Not sure how your ASA configuration to suggest - based on the exiting config.</P> <P>&nbsp;</P> <P>so please look below document using ASDM add ACL and test &amp; advise.</P> <P>&nbsp;</P> <P><A href="https://www.petenetlive.com/KB/Article/0000743" target="_blank">https://www.petenetlive.com/KB/Article/0000743</A></P> Fri, 12 Feb 2021 14:11:37 GMT balaji.bandi 2021-02-12T14:11:37Z https://community.cisco.com/t5/network-security/block-internet-on-one-device/m-p/4290779#M1078427 <P>What is the proper ACL to block internet on one server using an ASA 5545 version 9.6(4) 20?</P> Fri, 12 Feb 2021 13:58:09 GMT https://community.cisco.com/t5/network-security/block-internet-on-one-device/m-p/4290779#M1078427 Eddie Sardinha 2021-02-12T13:58:09Z https://community.cisco.com/t5/network-security/block-internet-on-one-device/m-p/4290784#M1078428 <P>Not sure how your ASA configuration to suggest - based on the exiting config.</P> <P>&nbsp;</P> <P>so please look below document using ASDM add ACL and test &amp; advise.</P> <P>&nbsp;</P> <P><A href="https://www.petenetlive.com/KB/Article/0000743" target="_blank">https://www.petenetlive.com/KB/Article/0000743</A></P> Fri, 12 Feb 2021 14:11:37 GMT https://community.cisco.com/t5/network-security/block-internet-on-one-device/m-p/4290784#M1078428 balaji.bandi 2021-02-12T14:11:37Z https://community.cisco.com/t5/network-security/block-internet-on-one-device/m-p/4290788#M1078429 <P>Alternately, you could delete a default route on the server itself and only use specific routes.</P><P>HTH.</P> Fri, 12 Feb 2021 14:13:53 GMT https://community.cisco.com/t5/network-security/block-internet-on-one-device/m-p/4290788#M1078429 rais 2021-02-12T14:13:53Z https://community.cisco.com/t5/network-security/block-internet-on-one-device/m-p/4290799#M1078430 <P>What is the proper ACL to block internet on one server using an ASA 5545 version 9.6(4) 20?</P> <P>&nbsp;</P> <P>EXAMPLE</P> <P>!</P> <PRE>interface gig1/5<BR /> nameif DMZ<BR /> sec 50<BR /> ip address 192.168.x.x 255.255.x.x<BR />!<BR />object-group network RFC1918 10.0.0.0 255.0.0.0 172.16.0.0 255.240.0.0 192.168.0.0 255.255.0.0<BR />!<BR />object network SERVER-DMZ<BR /> host 192.168.x.x ---THIS IS YOUR SERVER NEED STOP ACCESS TO INTERNET----<BR /><BR /></PRE> <P>!</P> <PRE>access-list DMZ_IN extended permit ip SERVER-DMZ object-group RFC1918<BR />access-list DMZ_IN extended deny ip SERVER-DMZ any<BR />!<BR />access-group DMZ_IN in interface DMZ</PRE> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 12 Feb 2021 17:37:23 GMT https://community.cisco.com/t5/network-security/block-internet-on-one-device/m-p/4290799#M1078430 Sheraz.Salim 2021-02-12T17:37:23Z https://community.cisco.com/t5/network-security/block-internet-on-one-device/m-p/4290877#M1078439 <P>I have a lot of other ACL's part of different interfaces, inside, outside, dmz and transit interfaces.&nbsp; &nbsp;I want to be sure this doesnt block anything from other devices in my network.&nbsp; Do I need to do anything so nothing else gets blocked ?</P> Fri, 12 Feb 2021 16:30:54 GMT https://community.cisco.com/t5/network-security/block-internet-on-one-device/m-p/4290877#M1078439 Eddie Sardinha 2021-02-12T16:30:54Z https://community.cisco.com/t5/network-security/block-internet-on-one-device/m-p/4290885#M1078440 <P>Which interfere on this ASA this server belong to?&nbsp;<BR />and what access list you have configured on this interface?</P> <P>&nbsp;</P> <P>if you share the internet name of this sever and the first line of access list I can write the ACL for you.</P> <P>&nbsp;</P> <P>example</P> <P>!</P> <P>&nbsp;</P> <LI-CODE lang="markup">access-list DMZ_IN inline 1 extended permit ip SERVER-DMZ object-group RFC1918 access-list DMZ_IN inline 2 extended deny ip SERVER-DMZ any access-list DMZ_IN inline 3 extended permit ip xxx.xxx. xxx.xxxx .................................................... ..................................................... ! access-group DMZ_IN in interface DMZ</LI-CODE> <P>&nbsp;</P> Fri, 12 Feb 2021 17:39:09 GMT https://community.cisco.com/t5/network-security/block-internet-on-one-device/m-p/4290885#M1078440 Sheraz.Salim 2021-02-12T17:39:09Z https://community.cisco.com/t5/network-security/block-internet-on-one-device/m-p/4290888#M1078441 <P>If you have too many ACL not able to post complete config, not confident enough where to add, best is use ASDM&nbsp; add Line below or above where required - test if not working easy from GUI to disable or ammend.</P> <P>&nbsp;</P> <P>Since ASA generate lot of ACL command level, some time it hard to figure out where to insert this lines and as you mentioned this may cause other issue, so please use GUI is easy for simplicity.</P> <P>&nbsp;</P> Fri, 12 Feb 2021 16:55:01 GMT https://community.cisco.com/t5/network-security/block-internet-on-one-device/m-p/4290888#M1078441 balaji.bandi 2021-02-12T16:55:01Z https://community.cisco.com/t5/network-security/block-internet-on-one-device/m-p/4290941#M1078445 <P>The server should be behind the inside interface but i can't share the names of the servers&nbsp;</P> Fri, 12 Feb 2021 18:33:10 GMT https://community.cisco.com/t5/network-security/block-internet-on-one-device/m-p/4290941#M1078445 Eddie Sardinha 2021-02-12T18:33:10Z