cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
779
Views
0
Helpful
2
Replies

ASA website blocking

Jon Moots
Level 1
Level 1

Can anyone tell me if it is possible to block a website or ip address from an ASA 5505? if it is possible, can you give me an example of the commands to get it done?

thanks

--jon

2 Replies 2

Jennifer Halim
Cisco Employee
Cisco Employee

Assuming that your traffic is from the ASA inside interface towards the outside interface, and assuming that you have no access-list applied to the inside interface at the moment:

To block to a specific website:

access-list inside-acl deny tcp any host eq 80

access-list inside-acl permit ip any any

access-group inside-acl in interface inside

If you however already have an access-list applied to your inside interface, just add the deny statement above all the permit statement to block the access.

Hope that helps.

Adding to Jennifer's reply if your intent is also to block certain websites being accessed from the local LAN please check the below link,

https://supportforums.cisco.com/docs/DOC-1268

Regards,

Usaid.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: