Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
728
Views
0
Helpful
2
Replies

ASA website blocking

Jon Moots
Beginner
Beginner

‎04-27-2011 06:06 PM - edited ‎03-11-2019 01:26 PM

Can anyone tell me if it is possible to block a website or ip address from an ASA 5505? if it is possible, can you give me an example of the commands to get it done?

thanks

--jon

Labels:
0 Helpful
2 Replies 2

Jennifer Halim
Cisco Employee
Cisco Employee

‎04-27-2011 06:12 PM

Assuming that your traffic is from the ASA inside interface towards the outside interface, and assuming that you have no access-list applied to the inside interface at the moment:

To block to a specific website:

access-list inside-acl deny tcp any host eq 80

access-list inside-acl permit ip any any

access-group inside-acl in interface inside

If you however already have an access-list applied to your inside interface, just add the deny statement above all the permit statement to block the access.

Hope that helps.

0 Helpful

Syed Usaid K
Cisco Employee
Cisco Employee
In response to Jennifer Halim

‎04-27-2011 09:14 PM

Adding to Jennifer's reply if your intent is also to block certain websites being accessed from the local LAN please check the below link,

https://supportforums.cisco.com/docs/DOC-1268

Regards,

Usaid.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents