11-09-2010 10:08 PM - edited 03-11-2019 12:06 PM
Hello all,
I am having ASA 5510. I want to block access to internet for all my LAN Users.
How can i do this?
11-09-2010 10:17 PM
You can create an access-list on the inside interface/interface where the users are connected to to block access to the Internet.
What traffic do you want to block the users from the Internet? all traffic? or only web traffic?
11-09-2010 10:21 PM
Hi,
Thanks for reply.
I want to block internet surfing. Only want google to open nothing else.
how to do this?
11-09-2010 10:27 PM
In that case, if you only want to allow google, then you would need to configure MPF (Modular Policy Framework) with regex.
Here is a sample configuration for your reference:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml
You would need to tweak the config as the example is to drop/block access to specific website, but in your case, you would like to allow access to specific website.
Hope that helps.
11-10-2010 08:33 AM
http://supportforums.cisco.com/docs/DOC-1268#Allow_only_ciscocom will give you the config you want.
And it is
regex allowex2 "google\.com"
class-map type inspect http match-all allow-url-class
match not request header host regex allowex2
policy-map type inspect http allow-url-policy
parameters
class allow-url-class
drop-connection log
policy-map global_policy
class inspection_default
inspect http allow-url-policy
service-policy global_policy global
that will do. Let us know that it fixed your issue.
PK
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide