02-14-2008 07:41 PM - edited 03-05-2019 09:10 PM
I need to restrict the LAN to only access HTTP, HTTPS and DNS. All other access to the internet should be denied. I need help creating access-lists to restrict access. Int fas0 is LAN and int fas4 is the WAN. Any help will be appreciated.
Thanks,
Osman
02-14-2008 09:53 PM
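en
config t
! Permit HTTP and HTTPS
access-list 100 permit tcp any any eq 80
access-list 100 permit tcp any any eq 443
! DNS: queries normally use UDP 53; TCP 53 is used for large responses
access-list 100 permit udp any any eq 53
access-list 100 permit tcp any any eq 53
int fas4
ip access-group 100 out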
*This will allow users on the LAN to access HTTP (80), HTTPS (443), and DNS (53). All other traffic out the WAN interface will be implicitly denied.
02-14-2008 10:57 PM
I think this access list should be applied at the fas0 interface, because if he applies this on the WAN interface it will block access to these ports for all the LAN interfaces, i.e. the whole VLAN 10. He just wants to block access to these ports on the LAN connected to fas0.
This is what I understood after reading his post.
--gaurav
02-15-2008 09:08 AM
Yes Gaurav. Actually I want everything allowed to the tunnel interface and to restrict internet access to HTTP, HTTPS and DNS.
All LAN traffic will be on VLAN 10.
Not sure where to apply those ACLs and what direction it should be.
Fas0 - LAN interface
Fas4 - Wan interface to internet.
Thanks,
Osman
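One way to express the requirement from the last post, as an added example that is not part of the thread: filter inbound on the LAN-facing routed interface, so traffic for the tunnel is matched by destination before it is routed. The ACL name LAN-IN, the subnets 192.168.10.0/24 and 10.20.0.0/16, and the use of interface Vlan10 are assumptions.

```cisco
! Added example. Constructed values: 192.168.10.0/24 = LAN (VLAN 10),
! 10.20.0.0/16 = networks reached through the tunnel. Replace both.
ip access-list extended LAN-IN
 ! Skip this entry if the router is not the DHCP server for the LAN
 permit udp any eq bootpc any eq bootps
 ! Everything is allowed toward the tunnel's remote networks
 permit ip 192.168.10.0 0.0.0.255 10.20.0.0 0.0.255.255
 ! Internet access: DNS (UDP and TCP), HTTP, HTTPS only
 permit udp 192.168.10.0 0.0.0.255 any eq 53
 permit tcp 192.168.10.0 0.0.0.255 any eq 53
 permit tcp 192.168.10.0 0.0.0.255 any eq 80
 permit tcp 192.168.10.0 0.0.0.255 any eq 443
 ! Explicit deny so blocked flows are logged and counted
 deny ip any any log
!
! Assumption: Vlan10 is the routed interface for the LAN ports
interface Vlan10
 ip access-group LAN-IN in
```

Traffic addressed to the router's own LAN address, such as SSH management or ping, is also matched by this inbound list and needs its own permit entry if required. `show access-lists LAN-IN` displays per-entry match counters for checking which line a flow hits.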