06-18-2008 07:29 AM - edited 03-05-2019 11:42 PM
Is there a way to block users from the internet via ACL? All traffic from the site rides to an ISP router via EIGRP. The rest of the corporation is reached via EIGRP through the ISP router. Web traffic rides to the same router via a default static route. Is there a way to block the users from riding the default static route to the internet without breaking their access to anywhere else via EIGRP? Will something like this work?
deny ip 192.168.1.5 0.0.0.0 0.0.0.0 0.0.0.0
permit ip any any
06-18-2008 07:43 AM
Are you trying to deny your local users the ability to get to websites, but still be able to communicate with your offsite company?
This will restrict http and https connections, but could also restrict http/s communications to your offsite company.
If you give us a little more information, we might be able to help further.
deny tcp 192.168.1.5 0.0.0.0 any eq 80 443
06-18-2008 07:46 AM
That is correct, strictly internet web, but they must still be able to get to the rest of the company, which has web applications. They get to the web via the default static route 0.0.0.0 0.0.0.0.
06-18-2008 07:52 AM
In that case, depending on the number of web applications, you have a few choices.
1) Permit the destination IP addresses for the offsite company's web applications, and deny all others.
permit tcp any host
deny tcp any any eq 80 443
permit ip any any
2) Use DNS to control the forward lookup of your client computers. This step is a bit more advanced, but depending on the number of entries you have to make, this could be an option.
06-18-2008 07:55 AM
How about something like this?
permit tcp [local corp network] [remote corp networks] eq 80
permit tcp [local corp network] [remote corp networks] eq 443
deny tcp [local corp network] any eq 80
deny tcp [local corp network] any eq 443
UPDATE: Sorry Jason, you beat me to it.
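The first-match and wildcard-mask behaviour this thread turns on, modelled as an added example (not code from any poster here): it evaluates the ACL from the question exactly as written and the ordered ACL from the last reply. The local and remote network ranges and the sample flows are constructed assumptions, and the closing `permit ip any any` is carried over from the earlier reply so non-web traffic such as EIGRP still passes.

```python
import ipaddress

def _n(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: 0 bits must match, 1 bits are ignored."""
    care = ~_n(wildcard) & 0xFFFFFFFF
    return (_n(addr) & care) == (_n(base) & care)

ANY = ("0.0.0.0", "255.255.255.255")    # what the keyword "any" expands to
LOCAL = ("192.168.1.0", "0.0.0.255")    # assumed local corp network
REMOTE = ("10.0.0.0", "0.255.255.255")  # assumed remote corp networks

# Each entry: (action, protocol, source, destination, destination ports or None)
QUESTION_ACL = [
    ("deny", "ip", ("192.168.1.5", "0.0.0.0"), ("0.0.0.0", "0.0.0.0"), None),
    ("permit", "ip", ANY, ANY, None),
]
ORDERED_ACL = [
    ("permit", "tcp", LOCAL, REMOTE, {80}),
    ("permit", "tcp", LOCAL, REMOTE, {443}),
    ("deny", "tcp", LOCAL, ANY, {80}),
    ("deny", "tcp", LOCAL, ANY, {443}),
    ("permit", "ip", ANY, ANY, None),   # from the earlier reply: lets EIGRP etc. through
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return the action of the first matching entry (first match wins)."""
    for action, ace_proto, source, dest, ports in acl:
        if ace_proto != "ip" and ace_proto != proto:
            continue
        if not (wildcard_match(src, *source) and wildcard_match(dst, *dest)):
            continue
        if ports is not None and dport not in ports:
            continue
        return action
    return "deny"  # implicit "deny ip any any" at the end of every ACL

if __name__ == "__main__":
    web = ("tcp", "192.168.1.5", "203.0.113.10", 80)   # constructed internet web flow
    corp = ("tcp", "192.168.1.5", "10.20.30.40", 443)  # constructed corporate web flow
    for name, acl in (("question", QUESTION_ACL), ("ordered", ORDERED_ACL)):
        print(name, "internet:", evaluate(acl, *web), "corporate:", evaluate(acl, *corp))
```

A destination of `0.0.0.0 0.0.0.0` matches only the literal address 0.0.0.0, so the deny line in the question's ACL never fires for internet destinations; moving the deny entries above the permits in the ordered ACL would block the corporate web applications as well.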