https://community.cisco.com/t5/network-security/white-list/m-p/1036019#M893029 <P>I want to configure a couple of workstations on our network so that they can get only to URL's for Symantec, and then to a specific Web Server that we host that is public. </P><P>Short of configuring our ASA 5510 to use WebSense (which is pending), is there any other quick way to implement this control on the ASA for these two specific workstations?</P> Wed, 13 Mar 2019 00:58:42 GMT Kevin Melton 2019-03-13T00:58:42Z https://community.cisco.com/t5/network-security/white-list/m-p/1036019#M893029 <P>I want to configure a couple of workstations on our network so that they can get only to URL's for Symantec, and then to a specific Web Server that we host that is public. </P><P>Short of configuring our ASA 5510 to use WebSense (which is pending), is there any other quick way to implement this control on the ASA for these two specific workstations?</P> Wed, 13 Mar 2019 00:58:42 GMT https://community.cisco.com/t5/network-security/white-list/m-p/1036019#M893029 Kevin Melton 2019-03-13T00:58:42Z https://community.cisco.com/t5/network-security/white-list/m-p/1036020#M893034 <HTML><HEAD></HEAD><BODY><P>I've done this previously, but it's not pretty. Here's what I would do:</P><P>1) Setup an Outbound ACL</P><P> access-list Outbound-ACL permit ip host (workstation 1) host (Symantec1)</P><P> access-list Outbound-ACL permit ip host (workstation 1) host (Symantec2)</P><P> access-list Outbound-ACL permit ip host (workstation 1) host (Outside WebServer)</P><P>access-list Outbound-ACL deny ip host (workstation 1) any</P><P>*** Mirror this for Workstation 2, etc)</P><P>access-list Outbound-ACL permit ip any any</P><P> 2) Apply the ACL to your inside interface</P><P>access-group Outbound-ACL in inter inside</P><P></P><P>It can be a hassle, but it works. I've also done blacklisting (not sure if this fits your environment) and the reference document is here.</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml" target="_blank">http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml</A></P><P></P><P>Hope this helps, rate if it does, </P><P>JB</P></BODY></HTML> Tue, 25 Nov 2008 20:52:40 GMT https://community.cisco.com/t5/network-security/white-list/m-p/1036020#M893034 jpoplawski 2008-11-25T20:52:40Z