Solved: Re: ACL Allow only one website to one host

manojyesh · ‎01-27-2025

Dear Team,

Greetings,

I am looking to apply ACL to allow only one website to only one host in Cisco router. Rest all deny.

Please assist.

Regards

Manoj

MHM Cisco World · ‎01-28-2025

Both will work' I prefer use ISP dns than use google dns.

MHM

View solution in original post

MHM Cisco World · ‎01-27-2025

This website have specifc public IP?

İf yes

Add ACL in interface of router connect to host

ACL direction IN

ACL will be

Permit ip host <host IP> host <server IP>

Deny ip any any

MHM

manojyesh · ‎01-27-2025

For example, the servers for hotmail.com or outlook.com have several DNS IP addresses. I have added them to the ACL as shown, using hostnames that were translated to their corresponding IP addresses.

access-list 140 permit ip host 192.168.3.6 host 204.79.197.212

access-list 140 deny ip any any

Please advise if the above command is correctly applied.

Thankyou

MHM Cisco World · ‎01-28-2025

https://blog.ipspace.net/2008/11/using-hostnames-in-ip-access-lists/

If server have multi IP then try use fqdn of server in acl but this requires router use dns lookups

MHM

manojyesh · ‎01-28-2025

Yes, the router is using the DNS lookups of our ISP. Every country's ISP has its own DNS server. If I mention both Google and our ISP's DNS, which is better, or should I only mention Google DNS?

What way is more appropriate?

Please advise.

MHM Cisco World · ‎01-28-2025

Both will work' I prefer use ISP dns than use google dns.

MHM