04-17-2007 12:50 PM - edited 03-05-2019 03:31 PM
What command would I use to block all internal access from a LAN, from reaching the internet?
Thanks
04-17-2007 02:58 PM
Shut the interface/remove the nat or global/specifically deny protocols you want blocked/remove default route, many different ways, if you provide more info maybe we can give a more detailed solution.
HTH and please rate.
04-17-2007 04:45 PM
Let's say, for example, that we still want traffic to flow to another LAN (WAN communication). So I just want to block internet access from all users on the one LAN.
04-17-2007 10:48 PM
Hi
Well there are a number of ways to do it. One way -
local LAN 192.168.1.0/24
remote LAN 172.16.5.0/24
access-list acl_inside permit ip 192.168.1.0 255.255.255.0 172.16.5.0 255.255.255.0
access-list acl_inside deny ip 192.168.1.0 255.255.255.0 any
access-group acl_inside in interface inside
Couple of things to be aware of.
1) There is an explicit deny at the end of the access-list so if you have other networks you want to allow access to/from you need to include them in your access-list.
2) I'm assuming this is a PIX firewall - is this the case?
HTH
Jon
04-18-2007 05:17 AM
Thanks a lot.
Yes, the firewall is a PIX.