08-02-2017 05:05 AM - edited 03-08-2019 11:34 AM
Good Morning everybody,
I am a beginner in the Cisco world and I've encountered a problem.
In our company there are several different VLANs, one of them is allowed to access the local network only without any access to the internet connection.
Recently we encountered the need to access an external website only (where the users working on this VLAN have to record some data).
I kindly ask you for the best solution I can choose to allow this VLAN to access that website only.
Thank you in advance and best regards.
08-02-2017 05:26 AM
Hi
First, the VLAN needs to access the internet, so you need to allow NAT inside on the interface; it should be on the other VLAN interfaces too if this is the edge router and they can access the web ... ip nat inside
Routers are not firewalls, so it depends on the software and platform you have whether it can filter one specific website or not and what the options are. What router is this on? Here are some options below anyway; you can check if they're supported on your device and software.
block website using ZBF
https://supportforums.cisco.com/document/94511/cisco-ios-how-block-websites-using-local-content-filtering
block using local dns
http://www.techrepublic.com/article/block-access-to-a-web-site-using-the-cisco-ios/
url filtering through class-maps
https://www.youtube.com/watch?v=2UVgWPgop_M
08-02-2017 11:52 PM
Thank you for your quick answer,
We have got:
Cisco ASA 5510 firewall with Cisco ASDM
Cisco ME 3400E router
Cisco Catalyst 3750 switch
The VLAN for example 12 cannot access the internet and that is where the users need to insert data on the external website.
So this is what you suggest me to do:
1) Allow the internet connection on VLAN 12 (sorry if it is a silly question, but I must do this on the router, right? I cannot allow internet connection through the switch)
2) Filter all sites except the website they need to access
Is it possible to simulate this website with a static IP address as if it were within the LAN?
Thank you again
08-03-2017 12:17 AM
Hello,
In addition to Mark's post, since you have an ASA 5510, it is highly probable that all NAT is done on that device. The 5510 is fairly old; can you check what version you are running (pre 8.3 or some 9.x version)?
08-03-2017 02:22 AM
Hello!
Our version is:
Cisco Adaptive Security Appliance Software Version 9.0(3)
Device Manager Version 7.1(6)
Cisco ASDM 7.1
I checked Firewall --> Configuration --> NAT Rules. I found different rules on other VLANs but there is nothing concerning VLAN 12.
Could it be possible those rules are on another device?
Thank you for your support.