02-23-2009 01:54 PM - edited 03-04-2019 03:41 AM
How can I deny access to specific websites using acl on a router with NAT with overload enabled? DNS and name server are enabled.
Currently I have
interface FastEthernet0/1
description connected to Internet
ip address 192.168.1.80 255.255.255.0
no ip redirects
ip nat outside
.
.
.
.
ip nat inside source list 1 interface FastEthernet0/1 overload
.
.
.
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 permit 172.16.10.0 0.0.0.255
access-list 1 permit 172.16.0.0 0.0.0.255
access-list 1 permit 172.16.32.0 0.0.0.255
access-list 1 permit 172.16.64.0 0.0.0.255
Thanks in advance.
02-23-2009 02:00 PM
Not sure what this has to do with NAT. It's more to do with simply applying an acl on the inside interface of your device blocking access to the specific websites - assuming you aren't using websense or some such thing eg.
access-list 101 deny tcp any host
etc.. for each website
access-list 101 permit ip any any
then on the interface connecting to your LAN
int fa0/0
ip access-group 101 in
Jon
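One way to generate the ACL described in the answer above, as an added example that is not part of the original thread. The hostnames and addresses are constructed placeholders from documentation ranges, and matching on TCP ports 80 and 443 is an assumption, since the deny line in the post is cut off after `host`.

```python
import ipaddress

# Constructed sample data: placeholder names and documentation-range addresses,
# standing in for the DNS lookup results of the sites to be blocked.
BLOCKED_SITES = {
    "blocked-one.example": ["192.0.2.10", "192.0.2.11"],
    "blocked-two.example": ["198.51.100.7", "192.0.2.10", "2001:db8::7"],
}

def build_acl(sites, acl_number=101, ports=(80, 443), lan_interface="fa0/0"):
    """Return (IOS config lines, skipped addresses) for an inbound LAN-side ACL."""
    if not (100 <= acl_number <= 199 or 2000 <= acl_number <= 2699):
        raise ValueError("extended IP ACLs are numbered 100-199 or 2000-2699")
    lines, seen, skipped = [], set(), []
    for name in sorted(sites):
        lines.append(f"access-list {acl_number} remark block {name}")
        for raw in sites[name]:
            addr = ipaddress.ip_address(raw)  # raises ValueError on malformed input
            if addr.version != 4:
                skipped.append(raw)  # an IPv4 ACL cannot match IPv6 destinations
                continue
            if addr in seen:
                continue  # address shared by two sites: one set of denies is enough
            seen.add(addr)
            for port in ports:
                lines.append(
                    f"access-list {acl_number} deny tcp any host {addr} eq {port}")
    # Without this entry the implicit deny at the end of the ACL drops everything else.
    lines.append(f"access-list {acl_number} permit ip any any")
    lines += [f"int {lan_interface}", f" ip access-group {acl_number} in"]
    return lines, skipped

if __name__ == "__main__":
    config, skipped = build_acl(BLOCKED_SITES)
    print("\n".join(config))
    for raw in skipped:
        print(f"! not covered by this IPv4 ACL: {raw}")
```

Because the ACL matches destination addresses rather than names, it has to be regenerated whenever a blocked site's DNS records change.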
02-23-2009 04:05 PM
Thanks Jon