Re: How to Block users from accessing Internet

vinayak · ‎11-09-2010

Hello all,

I am having ASA 5510. I want to block access to internet for all my LAN Users.

How can i do this?

Jennifer Halim · ‎11-09-2010

You can create an access-list on the inside interface/interface where the users are connected to to block access to the Internet.

What traffic do you want to block the users from the Internet? all traffic? or only web traffic?

vinayak · ‎11-09-2010

Hi,

Thanks for reply.

I want to block internet surfing. Only want google to open nothing else.

how to do this?

Jennifer Halim · ‎11-09-2010

In that case, if you only want to allow google, then you would need to configure MPF (Modular Policy Framework) with regex.

Here is a sample configuration for your reference:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml

You would need to tweak the config as the example is to drop/block access to specific website, but in your case, you would like to allow access to specific website.

Hope that helps.

Panos Kampanakis · ‎11-10-2010

http://supportforums.cisco.com/docs/DOC-1268#Allow_only_ciscocom will give you the config you want.

And it is


regex allowex2 "google\.com"




class-map type inspect http match-all allow-url-class
 match not request header host regex allowex2

policy-map type inspect http allow-url-policy
 parameters
 class allow-url-class
  drop-connection log
policy-map global_policy
 class inspection_default
  inspect http allow-url-policy

service-policy global_policy global

that will do. Let us know that it fixed your issue.

PK