02-23-2005 03:32 AM - edited 03-09-2019 10:26 AM
Hi Guys,
I want to restrict Internet access for one of the VLANs on my PIX-520 firewall. My VLAN subnet is 192.168.4.0/24.
Please tell me the command for the above.
Thanks & Regards,
Ciscobuddy
02-23-2005 04:57 AM
Hi ciscobuddy,
Do not do NAT for 192.168.4.0/24.. this will stop the Internet access for that segment.. just see if this network is added in the following statements:
nat (inside) 1 192.168.1.0 255.255.255.0
nat (inside) 1 192.168.4.0 255.255.255.0
remove the second statement and browsing will not happen for 4.0/24
hope this helps..
Raj
02-23-2005 05:39 AM
Hi Raj,
Thanks for your reply, and sorry for the incomplete info from my side. Actually, for the 192.168.4.0/24 subnet, Internet is accessed through a proxy, and I have MS Proxy. I have created VLANs for all the processes. So I think I have to restrict the Internet access through the PIX, or I have to configure an access list on my core switch.
Please guide me on the same.
Thanks & Regards,
Ciscobuddy
02-23-2005 06:07 AM
Hi cisco buddy,
In this case, you have to restrict on the core switch.. just put VLAN ACLs and restrict access to 192.168.4.0/24
for eg..
interface vlan 100
ip address 192.168.4.1 255.255.255.0
ip access-group 100 in
access-list 100 deny tcp 192.168.4.0 0.0.0.255 any eq http
access-list 100 permit ip 192.168.4.0 0.0.0.255 any
this will deny port 80 traffic from 192.168.4.0/24 and allow all others.. you can manipulate this access-list to allow anything that the 4.0/24 segment needs access to..
hope this helps..
Raj
02-25-2005 09:27 PM
That ACL will also disallow access to intranet web apps, which could be a potentially career limiting maneuver. If there are internal/intranet web sites that users on the 192.168.4.0 /24 subnet need to access and the ACL is applied to the router i/f, you'll need to precede the deny statements with permissions to any/all internal subnets/hosts.
Best of luck.
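The ordering point raised in the last reply, as an added example that is not part of any post in this thread: a small first-match evaluator for the `access-list 100` lines, run against the list as posted (with the `ip` keyword written out in the permit line) and against a revised list that permits internal destinations first. The internal range 192.168.0.0/16, the client, the web servers, and the proxy address and port are constructed assumptions.

```python
import ipaddress
PORTS = {"www": 80, "http": 80, "https": 443}  # subset of IOS port keywords

def _addr(tok, i):
    """Parse 'any' | 'host A' | 'A WILDCARD' at tok[i]; return (matcher, next index)."""
    if tok[i] == "any":
        return (lambda ip: True), i + 1
    base, wild = (tok[i + 1], "0.0.0.0") if tok[i] == "host" else (tok[i], tok[i + 1])
    care = ~int(ipaddress.IPv4Address(wild)) & 0xFFFFFFFF  # wildcard 1-bits are ignored
    want = int(ipaddress.IPv4Address(base)) & care
    return (lambda ip: (int(ipaddress.IPv4Address(ip)) & care) == want), i + 2

def parse_acl(text):
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT]' lines into rules."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        src, i = _addr(tok, 4)
        dst, i = _addr(tok, i)
        port = None
        if i < len(tok) and tok[i] == "eq":
            port = PORTS[tok[i + 1]] if tok[i + 1] in PORTS else int(tok[i + 1])
        rules.append((tok[2], tok[3], src, dst, port))
    return rules

def evaluate(rules, proto, src, dst, dport=None):
    """First matching line wins; a packet matching no line hits the implicit deny."""
    for action, rproto, rsrc, rdst, rport in rules:
        if rproto in ("ip", proto) and rsrc(src) and rdst(dst) and rport in (None, dport):
            return action
    return "deny"

ORIGINAL = ("access-list 100 deny tcp 192.168.4.0 0.0.0.255 any eq http\n"
            "access-list 100 permit ip 192.168.4.0 0.0.0.255 any")
# Assumption: every internal subnet sits inside 192.168.0.0/16.
REVISED = "access-list 100 permit ip 192.168.4.0 0.0.0.255 192.168.0.0 0.0.255.255\n" + ORIGINAL

CLIENT = "192.168.4.50"  # constructed host on the restricted VLAN
FLOWS = {  # constructed destinations; the proxy address and port 8080 are assumptions
    "internet_web": ("tcp", CLIENT, "203.0.113.5", 80),
    "intranet_web": ("tcp", CLIENT, "192.168.1.10", 80),
    "internal_proxy": ("tcp", CLIENT, "192.168.1.20", 8080),
}

def verdicts(acl_text):
    rules = parse_acl(acl_text)
    return {name: evaluate(rules, *flow) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    print({"original": verdicts(ORIGINAL), "revised": verdicts(REVISED)})
```

Both lists permit the flow to the assumed internal proxy, because neither has a line matching that destination and port. If browsers on the VLAN reach the Internet through a proxy, that path needs its own deny line placed ahead of the internal permit, or a restriction on the proxy itself.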