https://community.cisco.com/t5/network-security/asdm-internet-restriction-by-ip/m-p/1519438#M608204 <P>Hi, have an ASA 5510, want to restrcit internet access to a specific IP (or range) , I tried to add a rule that did this but it stopped all incoming email ??.</P><P></P><P>Can you give me some pointerts, I dont want the command line stuff, the web based Admin, is my preferred option.</P><P></P><P>thanks</P><P>Paul</P> Mon, 11 Mar 2019 19:00:22 GMT pbenfield99 2019-03-11T19:00:22Z https://community.cisco.com/t5/network-security/asdm-internet-restriction-by-ip/m-p/1519438#M608204 <P>Hi, have an ASA 5510, want to restrcit internet access to a specific IP (or range) , I tried to add a rule that did this but it stopped all incoming email ??.</P><P></P><P>Can you give me some pointerts, I dont want the command line stuff, the web based Admin, is my preferred option.</P><P></P><P>thanks</P><P>Paul</P> Mon, 11 Mar 2019 19:00:22 GMT https://community.cisco.com/t5/network-security/asdm-internet-restriction-by-ip/m-p/1519438#M608204 pbenfield99 2019-03-11T19:00:22Z https://community.cisco.com/t5/network-security/asdm-internet-restriction-by-ip/m-p/1519439#M608206 <HTML><HEAD></HEAD><BODY><P>What do you mean by "Hi, have an ASA 5510, want to restrcit internet access to a specific IP (or range)"?</P><P>You want to only allow certain hosts to go out?</P><P>Certain hosts to come in from the outside?</P><P></P><P>PK</P></BODY></HTML> Tue, 26 Oct 2010 15:32:45 GMT https://community.cisco.com/t5/network-security/asdm-internet-restriction-by-ip/m-p/1519439#M608206 Panos Kampanakis 2010-10-26T15:32:45Z https://community.cisco.com/t5/network-security/asdm-internet-restriction-by-ip/m-p/1519440#M608208 <HTML><HEAD></HEAD><BODY><P>not concerned about incoming, we currently have the ASA working fine, but I want to deploy a proxy server (squid) and rather than get bogged down by settings on individual pc's, proxy.pac files and wdat.dat files etc. I want to block the direct access to the internet so that the clients will autodetect the proxy and configure themsleves. I want to test this from a user pc , by getting the rule to operate only on a single IP address (so I dont invoke armageddon from the userbase)&nbsp; does that make it a bit clearer ?</P><P>Users are on a their own subnet, so 10.0.0.x is servers, 10.0.1.x are users.</P><P></P><P>thanks</P><P>PaulB</P></BODY></HTML> Tue, 26 Oct 2010 15:40:31 GMT https://community.cisco.com/t5/network-security/asdm-internet-restriction-by-ip/m-p/1519440#M608208 pbenfield99 2010-10-26T15:40:31Z https://community.cisco.com/t5/network-security/asdm-internet-restriction-by-ip/m-p/1519441#M608210 <HTML><HEAD></HEAD><BODY><P>Aplly an ACL on the inside interrface that has</P><P></P><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"><P>access-l inside-out deny tcp 10.0.1.0 255.255.255.0 any eq 80&nbsp;&nbsp;&nbsp; &lt;----that will block outbound web</P><P>access-l inside-out permit ip any any&nbsp;&nbsp;&nbsp; &lt;---that will premit everything else outbound, probably you didn't have this when things broke</P><P>access-group inside-out in interface inside</P></PRE><P></P><P>For ASDM, put an ACL on the inside interface that denies all destination port 80 for source IP addresses being the users, but below that make sure you allow everything else so you don't deny everything with the implicit deny at the end of the ACL.</P><P></P><P>I hope it helps.</P><P></P><P>PK</P></BODY></HTML> Tue, 26 Oct 2010 17:00:28 GMT https://community.cisco.com/t5/network-security/asdm-internet-restriction-by-ip/m-p/1519441#M608210 Panos Kampanakis 2010-10-26T17:00:28Z https://community.cisco.com/t5/network-security/asdm-internet-restriction-by-ip/m-p/1519442#M608212 <HTML><HEAD></HEAD><BODY><P>thanks for your help, will give it a try</P><P></P><P>PaulB</P></BODY></HTML> Wed, 27 Oct 2010 08:43:30 GMT https://community.cisco.com/t5/network-security/asdm-internet-restriction-by-ip/m-p/1519442#M608212 pbenfield99 2010-10-27T08:43:30Z https://community.cisco.com/t5/network-security/asdm-internet-restriction-by-ip/m-p/1519443#M608213 <HTML><HEAD></HEAD><BODY><P>Let us know if it solves it.</P><P></P><P>PK</P></BODY></HTML> Wed, 27 Oct 2010 13:21:13 GMT https://community.cisco.com/t5/network-security/asdm-internet-restriction-by-ip/m-p/1519443#M608213 Panos Kampanakis 2010-10-27T13:21:13Z