topic acl allowing guest access in Network Security https://community.cisco.com/t5/network-security/acl-allowing-guest-access/m-p/1815545#M456096 <P>I have an ASA 5550 at our main site with an external ethernet interface to our ISP for internet access.&nbsp; I would like to allow 10.100.41.x/24 http / https access but block this network's access to all other internal networks including 172.17.x.x,,&nbsp; 10.100.1 - 40.x, and others.&nbsp; I'm having trouble identifying what IP address to use as the desitination for the permit rule for access to the internet.&nbsp; The rule that comes after the permit is to deny 10.100.41.x/24 access to internal network addresses.&nbsp; I'd sure appreciate any guidance someone could give me.</P><P></P><P>Bob in Indiana</P> Mon, 11 Mar 2019 22:20:23 GMT bschussl 2019-03-11T22:20:23Z acl allowing guest access https://community.cisco.com/t5/network-security/acl-allowing-guest-access/m-p/1815545#M456096 <P>I have an ASA 5550 at our main site with an external ethernet interface to our ISP for internet access.&nbsp; I would like to allow 10.100.41.x/24 http / https access but block this network's access to all other internal networks including 172.17.x.x,,&nbsp; 10.100.1 - 40.x, and others.&nbsp; I'm having trouble identifying what IP address to use as the desitination for the permit rule for access to the internet.&nbsp; The rule that comes after the permit is to deny 10.100.41.x/24 access to internal network addresses.&nbsp; I'd sure appreciate any guidance someone could give me.</P><P></P><P>Bob in Indiana</P> Mon, 11 Mar 2019 22:20:23 GMT https://community.cisco.com/t5/network-security/acl-allowing-guest-access/m-p/1815545#M456096 bschussl 2019-03-11T22:20:23Z acl allowing guest access https://community.cisco.com/t5/network-security/acl-allowing-guest-access/m-p/1815546#M456099 <HTML><HEAD></HEAD><BODY><P>Put in the ACL to deny from 10.100.41.0 /24 to all RFC 1918 networks (10.0.0.0 /8, 172.16.0.0 /12, and 192.168.0.0 /16). From higher security inside (where it resides) to lower security outside (Internet) there is an implict allow which will normally use the global or other NAT (or PAT) pool you have setup.</P></BODY></HTML> Fri, 27 Jan 2012 23:55:23 GMT https://community.cisco.com/t5/network-security/acl-allowing-guest-access/m-p/1815546#M456099 Marvin Rhoads 2012-01-27T23:55:23Z