ACL with PAT

m.metwally — Mon, 11 Mar 2019 16:20:41 GMT

Dear All,

using the ASA 5510, how can I make an access list to be applied only on some client if they wants to open a specific website?

Now I have this ACL:

access-list testacl extended permit tcp 192.168.121.11 any

but this will be applied on ALL the traffic coming from the host 192.168.121.11, I want it to be applied only on this host only if he wanted to visit the website www.xyz.com ??

Re: ACL with PAT

Collin Clark — Tue, 29 Sep 2009 12:35:10 GMT

You can adjust the ACL to fit that requirement. Deny the specified host first, then allow all others.

access-list testacl extended deny tcp host 192.168.121.11 host a.b.c.d eq 80

access-list testacl extended permit tcp host 192.168.121.11 any eq 80

Unfortunatly Cisco can not filter on a domain name in an ACL, so you must use the IP. You may have to block more than IP to block the site. You can block it by domain name if you use the Modular Policy Framework. If that is something you're interested in, just let us know.

topic ACL with PAT in Network Security

ACL with PAT

Re: ACL with PAT