09-01-2004 12:26 AM - edited 03-02-2019 06:09 PM
Hi all,
I want to block a few users from complete internet access and allow them to access only two web sites, but we only have one complete subnet for all users: 10.x.x.0/24.
How will I be able to do it? We already have this access list implemented.
----------------------------
access-list 100 deny tcp any any eq 5025
access-list 100 deny tcp any any eq 6346
access-list 100 deny tcp any any eq 4661
access-list 100 deny tcp any any eq 4662
access-list 100 deny tcp any any eq 1214
access-list 100 deny tcp any any eq 1234
access-list 100 deny tcp any any eq 5498
access-list 100 deny tcp any any eq 5500
access-list 100 deny tcp any any eq 5499
access-list 100 deny tcp any any eq 5501
access-list 100 deny tcp any any eq 6347
access-list 100 deny tcp any any eq 6699
access-list 100 deny tcp any any eq 411
access-list 100 deny tcp any any eq 412
access-list 100 deny tcp any any eq 3419
access-list 100 deny tcp any any eq 3420
access-list 100 deny tcp any any eq 3421
access-list 100 deny tcp any any eq 4242
access-list 100 deny tcp any any eq 4665
access-list 100 permit udp any any eq domain
access-list 100 permit udp any any range 0 65535
access-list 100 permit ip any any
------------------------------
My access list looks like this, but it is not implemented.
access-list 101 permit tcp 10.x.x.1 255.255.255.255 212.227.109.205 255.255.255.255 eq 80
access-list 101 deny tcp any any
----------------------------------
1) Should I implement these access rules in list 100 or make a special list like I did (101)?
2) What will happen if I do it this way, and how do I implement it?
Any feedback is appreciated. I need to implement it in the next minutes.
Thanks
AR
09-01-2004 01:10 AM
Hello,
I would incorporate the new statements into your existing access list. So your access list should look like this:
access-list 100 permit tcp 10.x.x.1 255.255.255.255 212.227.109.205 255.255.255.255 eq 80
access-list 100 deny tcp any any eq 80
access-list 100 deny tcp any any eq 5025
access-list 100 deny tcp any any eq 6346
access-list 100 deny tcp any any eq 4661
access-list 100 deny tcp any any eq 4662
access-list 100 deny tcp any any eq 1214
access-list 100 deny tcp any any eq 1234
access-list 100 deny tcp any any eq 5498
access-list 100 deny tcp any any eq 5500
access-list 100 deny tcp any any eq 5499
access-list 100 deny tcp any any eq 5501
access-list 100 deny tcp any any eq 6347
access-list 100 deny tcp any any eq 6699
access-list 100 deny tcp any any eq 411
access-list 100 deny tcp any any eq 412
access-list 100 deny tcp any any eq 3419
access-list 100 deny tcp any any eq 3420
access-list 100 deny tcp any any eq 3421
access-list 100 deny tcp any any eq 4242
access-list 100 deny tcp any any eq 4665
access-list 100 permit udp any any eq domain
access-list 100 permit udp any any range 0 65535
access-list 100 permit ip any any
HTH,
GP
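An added example, not part of the original posts: a small first-match model of the reordered list 100 above, showing which flows it permits or denies and why the new permit has to sit above the port 80 deny. The 10.0.0.x addresses and 198.51.100.10 are constructed stand-ins for the elided 10.x.x.x hosts and an arbitrary other site, and the first entry is modelled as a single host pair, as the posts intend.

```python
# Constructed stand-ins: the thread elides the inside subnet as 10.x.x.0/24.
ALLOWED_HOST = "10.0.0.1"          # stands in for 10.x.x.1
OTHER_HOST = "10.0.0.50"           # any other user on the same subnet
ALLOWED_SITE = "212.227.109.205"   # destination given in the thread
OTHER_SITE = "198.51.100.10"       # constructed documentation address

P2P_PORTS = [5025, 6346, 4661, 4662, 1214, 1234, 5498, 5500, 5499, 5501,
             6347, 6699, 411, 412, 3419, 3420, 3421, 4242, 4665]

# Entry = (action, protocol, source, destination, destination port).
# "any" matches every address, None matches every port.
ACL_100 = (
    [("permit", "tcp", ALLOWED_HOST, ALLOWED_SITE, 80),
     ("deny", "tcp", "any", "any", 80)]
    + [("deny", "tcp", "any", "any", port) for port in P2P_PORTS]
    + [("permit", "udp", "any", "any", 53),      # eq domain
       ("permit", "udp", "any", "any", None),    # range 0 65535
       ("permit", "ip", "any", "any", None)]
)

def evaluate(acl, proto, src, dst, port):
    """Return (action, entry index) for the first entry that matches."""
    for index, (action, e_proto, e_src, e_dst, e_port) in enumerate(acl):
        if e_proto not in ("ip", proto):
            continue
        if e_src not in ("any", src) or e_dst not in ("any", dst):
            continue
        if e_port is not None and e_port != port:
            continue
        return action, index
    return "deny", None   # implicit deny that ends every access list

def swapped(acl):
    """Same entries with the first two reversed, to show order dependence."""
    return [acl[1], acl[0]] + acl[2:]

if __name__ == "__main__":
    flows = [("tcp", ALLOWED_HOST, ALLOWED_SITE, 80),
             ("tcp", ALLOWED_HOST, OTHER_SITE, 80),
             ("tcp", OTHER_HOST, OTHER_SITE, 80),
             ("tcp", ALLOWED_HOST, OTHER_SITE, 443),
             ("udp", OTHER_HOST, OTHER_SITE, 53)]
    for flow in flows:
        print(flow, "->", evaluate(ACL_100, *flow))
    print("permit placed after deny:",
          evaluate(swapped(ACL_100), "tcp", ALLOWED_HOST, ALLOWED_SITE, 80))
```

In this model, TCP port 80 is denied for every source except the one permitted host pair, while traffic on ports the list does not name, such as TCP 443, still reaches the final `permit ip any any`.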
09-01-2004 01:51 AM
Thanks, GP, for the reply. It solved my issue.