01-13-2011 02:02 PM - edited 03-04-2019 11:04 AM
Hi!
I need to allow only a few Internet websites from Cisco 1841 Router for my LAN users. What Access-List should be used for this. Can somebody give me some examples or links?
Thanks!
01-13-2011 02:42 PM
Hi Create Share,
Just to be clear, you want to allow access to some selected websites and block the rest? Please state what websites you want, or give me an example of how you want to go ahead with this, and I can provide you with simple access-lists to give you the solution you require.
Cheers
Lal Antony
CCNA, CCNP
01-14-2011 06:13 AM
I have this configuration. I need to allow some clients to access some websites like hotmail, gmail, cnn, bbc.
Thanks!
Building configuration...
Current configuration : 2472 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Branch
!
boot-start-marker
boot-end-marker
!
enable password password
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.100
!
ip dhcp pool Branch
 network 192.168.1.0 255.255.255.0
 netbios-node-type h-node
 default-router 192.168.1.2
 dns-server ISP DNS Server
!
!
ip name-server ispns1
ip name-server ispns2
vpdn enable
vpdn ip udp ignore checksum
!
vpdn-group 1
 ! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
!
!
username password
!
!
!
interface FastEthernet0/0
 ip address public ip
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.1.2 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface Virtual-Template1
 ip unnumbered FastEthernet0/1
 peer default ip address pool Branch
 no keepalive
 ppp authentication pap chap ms-chap
!
ip local pool Branch 192.168.1.241 192.168.1.250
ip classless
ip route 0.0.0.0 0.0.0.0 Public IP
!
no ip http server
ip nat pool ovrld Public IP prefix-length 30
ip nat inside source list 102 pool ovrld overload
ip nat inside source static tcp 192.168.1.99 3389 interface FastEthernet0/0 3389
!
access-list 102 permit tcp 192.168.1.0 0.0.0.255 host Server1 IP eq 3389
access-list 102 permit tcp 192.168.1.0 0.0.0.255 host MailServer IP eq 443
access-list 102 permit ip host 192.168.1.91 any
access-list 102 permit ip host 192.168.1.92 any
!
control-plane
!
!
line con 0
 password password
 login
line aux 0
line vty 0 4
 password password
 login
line vty 5 15
 password password
 login
!
end
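One way to express the whitelist asked for above, added here as an example and not taken from the thread or from Cisco documentation: an extended named ACL applied inbound on the LAN interface (FastEthernet0/1 in the posted config), so the policy is evaluated on inside addresses before NAT. Every destination address below (the ISP resolvers, Server1, MailServer, the allowed sites) is a placeholder from the RFC 5737 documentation ranges, since the thread redacts the real ones. The example also widens NAT list 102, because in the posted config that list is the only thing deciding who reaches the Internet at all (a host not matched by it is simply never translated), and a filter ACL and a NAT ACL that disagree are hard to debug.

```cisco
! Added example, not from the original thread. All public addresses are
! PLACEHOLDERS (RFC 5737 documentation ranges); substitute the real ones.
!
ip access-list extended WEB-WHITELIST
 remark --- DNS to the ISP resolvers (placeholders for ispns1 / ispns2)
 permit udp 192.168.1.0 0.0.0.255 host 192.0.2.53 eq domain
 permit udp 192.168.1.0 0.0.0.255 host 192.0.2.54 eq domain
 remark --- DHCP requests from clients to the router's own DHCP server
 permit udp any eq bootpc any eq bootps
 remark --- flows the posted NAT list 102 already carried (placeholders for Server1 / MailServer)
 permit tcp 192.168.1.0 0.0.0.255 host 198.51.100.10 eq 3389
 permit tcp 192.168.1.0 0.0.0.255 host 198.51.100.20 eq 443
 permit ip host 192.168.1.91 any
 permit ip host 192.168.1.92 any
 remark --- traffic that stays inside the LAN, including the PPTP pool .241-.250
 permit ip 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255
 remark --- the whitelist itself: one pair of lines per site address, HTTP and HTTPS only
 permit tcp 192.168.1.0 0.0.0.255 host 203.0.113.10 eq www
 permit tcp 192.168.1.0 0.0.0.255 host 203.0.113.10 eq 443
 permit tcp 192.168.1.0 0.0.0.255 host 203.0.113.20 eq www
 permit tcp 192.168.1.0 0.0.0.255 host 203.0.113.20 eq 443
 remark --- everything else is dropped and logged, so misses show up in the log
 deny ip any any log
!
interface FastEthernet0/1
 ip access-group WEB-WHITELIST in
!
! With the interface ACL enforcing the policy, list 102 only has to say
! "translate whatever the LAN is allowed to send"; keeping two different
! lists in sync is where these setups usually break.
no access-list 102
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
!
! Verification:
!   show access-lists WEB-WHITELIST      (per-line hit counters)
!   show logging | include WEB-WHITELIST (what the final deny caught)
!   show ip nat translations             (whether permitted flows are actually translated)
```

Two caveats a practitioner should expect. First, an address-based whitelist for names like gmail, hotmail, cnn or bbc is brittle: those names resolve to many addresses that change and are spread across CDNs, so the permit lines need to be regenerated from fresh DNS lookups, and a site may still break when one of its resources is served from an address that is not listed. Second, the hit counters separate the two questions raised in the thread: a packet counted on the final deny was dropped by the filter, whereas a permit that is counting while the client still gets no web access points at NAT or routing, not at the ACL. Note also that the PPTP clients enter through Virtual-Template1, not FastEthernet0/1, so this interface ACL does not apply to them.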
01-17-2011 08:21 PM
Do you get web access at all through this? Just wondering if the NAT is done properly. Please advise.
Lal Antony
01-17-2011 10:51 PM
I have seen examples where you have a small "black list" of web sites that you want to block using NBAR and class maps. See below:
http://ardenpackeer.com/qos-voip/tutorial-how-to-use-cisco-mqc-nbar-to-filter-websites-like-youtube/
I haven't seen an example however where by default you block the majority of sites and only allow a "white list" of authorised sites. Potentially that configuration would become quite complex where you block each web site in turn and allow others.
Please remember to rate all posts that are helpful.
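The "allow a white list, drop the rest" shape that the reply above had not seen can be written with MQC and NBAR by ordering two classes inside one policy, as in this added example (not from the linked tutorial or from the thread; the host patterns are illustrative). The first class collects the permitted Host headers and takes no action, so matching packets are classified there and forwarded; the second class catches all remaining HTTP and drops it. Nothing else in the policy is touched, so non-web traffic falls through to class-default unchanged.

```cisco
! Added example, not from the original thread. Host patterns are illustrative.
! NBAR needs CEF, which the posted config already enables with "ip cef".
!
class-map match-any WEB-ALLOWED
 match protocol http host "*.bbc.co.uk"
 match protocol http host "*.cnn.com"
!
class-map match-all WEB-ANY
 match protocol http
!
policy-map WEB-WHITELIST
 class WEB-ALLOWED
  ! deliberately no action: a packet matched here is not tested against later classes
 class WEB-ANY
  drop
!
interface FastEthernet0/1
 service-policy input WEB-WHITELIST
!
! Verification:
!   show policy-map interface FastEthernet0/1   (packets matched and dropped per class)
!   show ip nbar protocol-discovery interface FastEthernet0/1
```

The limitation to keep in mind is that `match protocol http host` inspects the HTTP Host header, so it only sees plain HTTP. Sites reached over HTTPS (Gmail and Hotmail logins among them) are not matched by either class, pass through class-default untouched, and can only be restricted by address, as in the ACL example earlier in the thread. In practice the two approaches are combined: NBAR for the hostname-based whitelist on port 80, an interface ACL for everything else.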