
Access-list Issue

mrarahman
Level 1

Hi all,

I want to block a few users' complete internet access and allow them to access only two web sites, but we only have one complete subnet for all users: 10.x.x.0/24.

How will I be able to do it? We already have these access-lists implemented.

----------------------------

access-list 100 deny tcp any any eq 5025
access-list 100 deny tcp any any eq 6346
access-list 100 deny tcp any any eq 4661
access-list 100 deny tcp any any eq 4662
access-list 100 deny tcp any any eq 1214
access-list 100 deny tcp any any eq 1234
access-list 100 deny tcp any any eq 5498
access-list 100 deny tcp any any eq 5500
access-list 100 deny tcp any any eq 5499
access-list 100 deny tcp any any eq 5501
access-list 100 deny tcp any any eq 6347
access-list 100 deny tcp any any eq 6699
access-list 100 deny tcp any any eq 411
access-list 100 deny tcp any any eq 412
access-list 100 deny tcp any any eq 3419
access-list 100 deny tcp any any eq 3420
access-list 100 deny tcp any any eq 3421
access-list 100 deny tcp any any eq 4242
access-list 100 deny tcp any any eq 4665
access-list 100 permit udp any any eq domain
access-list 100 permit udp any any range 0 65535
access-list 100 permit ip any any

------------------------------

My access-list looks like this, but it is not implemented.

access-list 101 permit tcp 10.x.x.1 255.255.255.255 212.227.109.205 255.255.255.255 eq 80
access-list 101 deny tcp any any

----------------------------------

1) Should I implement these access rules with the 100 list or make a special list like I did (101)?

2) What will happen if I do it this way, or how do I implement it?

Any feedback is appreciated. I need to implement it in the next minutes.

Thanks

AR

2 Replies

Hello,

I would incorporate the new statements into your existing access list. So your access list should look like this:

access-list 100 permit tcp 10.x.x.1 255.255.255.255 212.227.109.205 255.255.255.255 eq 80
access-list 100 deny tcp any any eq 80
access-list 100 deny tcp any any eq 5025
access-list 100 deny tcp any any eq 6346
access-list 100 deny tcp any any eq 4661
access-list 100 deny tcp any any eq 4662
access-list 100 deny tcp any any eq 1214
access-list 100 deny tcp any any eq 1234
access-list 100 deny tcp any any eq 5498
access-list 100 deny tcp any any eq 5500
access-list 100 deny tcp any any eq 5499
access-list 100 deny tcp any any eq 5501
access-list 100 deny tcp any any eq 6347
access-list 100 deny tcp any any eq 6699
access-list 100 deny tcp any any eq 411
access-list 100 deny tcp any any eq 412
access-list 100 deny tcp any any eq 3419
access-list 100 deny tcp any any eq 3420
access-list 100 deny tcp any any eq 3421
access-list 100 deny tcp any any eq 4242
access-list 100 deny tcp any any eq 4665
access-list 100 permit udp any any eq domain
access-list 100 permit udp any any range 0 65535
access-list 100 permit ip any any

HTH,

GP

Thanks GP for the reply. It solved my issue.
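
Added example (not written by either poster): a small first-match evaluator that runs constructed flows through the rule order shown in the reply and through the same rules with the two new lines placed after `permit ip any any`. It assumes the two 255.255.255.255 entries are meant as single-host matches; 10.0.0.1, 10.0.0.50 and the 198.51.100.x destinations are constructed stand-ins, and only one of the port-block lines is modelled.

```python
import ipaddress

# Constructed stand-ins: 10.0.0.1 plays the restricted host (10.x.x.1 in the
# thread) and 10.0.0.50 an ordinary user; 212.227.109.205 is from the thread.
RESTRICTED, OTHER, SITE = "10.0.0.1", "10.0.0.50", "212.227.109.205"

# Each rule: (action, protocol, source, destination, destination port or None).
NEW_RULES = [
    ("permit", "tcp", RESTRICTED, SITE, 80),
    ("deny", "tcp", "any", "any", 80),
]
EXISTING_TAIL = [
    ("deny", "tcp", "any", "any", 6346),   # one of the thread's port blocks
    ("permit", "udp", "any", "any", None),
    ("permit", "ip", "any", "any", None),
]

def _addr_ok(rule_addr, addr):
    return rule_addr == "any" or ipaddress.ip_address(rule_addr) == ipaddress.ip_address(addr)

def evaluate(acl, proto, src, dst, dport):
    """Return (action, index) of the first matching rule; implicit deny if none."""
    for i, (action, r_proto, r_src, r_dst, r_port) in enumerate(acl):
        if r_proto not in ("ip", proto):
            continue
        if not (_addr_ok(r_src, src) and _addr_ok(r_dst, dst)):
            continue
        if r_port is not None and r_port != dport:
            continue
        return action, i
    return "deny", None

MERGED_ON_TOP = NEW_RULES + EXISTING_TAIL   # order shown in the reply
APPENDED_LAST = EXISTING_TAIL + NEW_RULES   # new lines after "permit ip any any"

def report(acl):
    flows = {
        "restricted -> allowed site:80": ("tcp", RESTRICTED, SITE, 80),
        "restricted -> other site:80": ("tcp", RESTRICTED, "198.51.100.7", 80),
        "other user -> any site:80": ("tcp", OTHER, "198.51.100.7", 80),
        "other user -> tcp/6346": ("tcp", OTHER, "198.51.100.7", 6346),
        "other user -> dns": ("udp", OTHER, "198.51.100.53", 53),
    }
    return {name: evaluate(acl, *flow)[0] for name, flow in flows.items()}

if __name__ == "__main__":
    for label, acl in (("merged on top", MERGED_ON_TOP), ("appended last", APPENDED_LAST)):
        print(label, report(acl))
```

With the order from the reply, TCP port 80 is denied for every source except the one permitted host-to-site pair; with the new lines at the bottom, `permit ip any any` matches first and the new rules are never reached.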
