02-05-2010 10:28 PM - edited 03-09-2019 10:49 PM
Hi Everyone,
We have two IP segments (public IP). We are already using one IP segment for Internet access. Now the new requirement is to use the remaining IP segment for a selected destination.
For example:
The 1.2.3.4/26 segment is actively used for Internet access.
The 4.3.2.1/29 segment is free.
Now we need to use this 4.3.2.1/29 segment for Internet access (only to browse Google.com).
How can this be achieved without modifying the existing setup?
Thank you
Vijay
02-06-2010 02:32 AM
Hi Vijay,
Firstly, you need to specify whether the device is a router or a firewall. If it is a router, then divert all the Internet traffic towards the new IP segment for port 80 traffic. Make sure you have DNS lookup enabled on your router by doing:
config t
ip domain-lookup
Then configure an access list as such if you don't want to use an IP address.
config t
access-list 101 deny tcp any host www.badsite.com eq www
access-list 101 permit tcp any any eq www
access-list 101 permit ip any any
int fa0/0
! apply the same list number that was defined above (101)
ip access-group 101 in
If it is a firewall, then check out the link below for URL blocking on the firewall. Hope that helps.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml
If helpful, do rate the post.
Ganesh.H
02-06-2010 05:20 AM
Hi Ganesh,
Thank you very much for your reply. It is the firewall. This is the scenario: we have Internet working fine.
Now we want to use the new public IP segment for accessing some particular portal.
The present setup at the ASA 5520:
global (outside) 1 61.x.x.x
nat (inside) 1 10.x.x.x 255.255.0.0
Everything works fine except some sites (for example, Google.com).
Now we want to access google.com with the new IP segment 101.x.x.x, without modifying the IP address of the firewall interface.
Thank you
Vijay
(PS: by mistake I clicked the correct answer on the previous reply. Oops.)
02-06-2010 08:21 AM
Hi Vijay,
OK, what I would suggest is, rather than just sending the google.com site to one link, just make that link available for port 80 traffic from the new link. Policy NAT will do the thing in the firewall; just check out the link below on policy NAT. Hope it helps.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008046f31a.shtml
Ganesh.H
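A sketch of the policy NAT suggested in the reply above, in the pre-8.3 ASA syntax used in this thread; it is an added example, not configuration posted by either participant. The ACL name POLICY_NAT_WEB, NAT ID 2, and the addresses 10.0.0.0/16 and 203.0.113.10 are constructed placeholders standing in for the elided 10.x.x.x and 101.x.x.x values.

```cisco
! Existing dynamic PAT from the thread stays untouched (addresses elided there):
!   global (outside) 1 61.x.x.x
!   nat (inside) 1 10.x.x.x 255.255.0.0

! Match only HTTP from the inside network (placeholder 10.0.0.0/16).
! To limit this to one destination, replace "any" with that network.
access-list POLICY_NAT_WEB extended permit tcp 10.0.0.0 255.255.0.0 any eq www

! Policy dynamic NAT is evaluated before regular dynamic NAT, so matching
! flows are translated with pool 2 and all other traffic still uses pool 1.
nat (inside) 2 access-list POLICY_NAT_WEB
global (outside) 2 203.0.113.10

! Check which translation a flow receives (constructed host and destination):
! packet-tracer input inside tcp 10.0.0.50 1025 198.51.100.20 80
! show xlate
```

Because the outside interface address is unchanged, the upstream router has to route the new segment to the ASA's outside address for return traffic to arrive.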