
Permit a no internet VLAN to access on an external website only

Paolo Fenili
Level 1

Good Morning everybody,

I am a beginner in the Cisco world and I've encountered a problem.

In our company there are several different VLANs, one of them is allowed to access the local network only without any access to the internet connection.

Recently we encountered the need to access an external website only (where the users working on this VLAN have to record some data).

I kindly ask you the best solution I can choose to allow this VLAN to access that website only.

Thank you in advance and best regards

4 Replies

Mark Malone
VIP Alumni

Hi

First the VLAN needs to access the internet, so you need to allow NAT inside in the interface; it should be on the other VLAN interfaces too if this is the edge router and they can access the web ... ip nat inside

Routers are not firewalls, so it depends on the software and platform you have whether it can filter one specific website or not and what the options are. What router is this on? Here are some options below anyway; you can check if they're supported on your device and software.

Block website using ZBF

https://supportforums.cisco.com/document/94511/cisco-ios-how-block-websites-using-local-content-filtering

Block using local DNS

http://www.techrepublic.com/article/block-access-to-a-web-site-using-the-cisco-ios/

URL filtering through class-maps

https://www.youtube.com/watch?v=2UVgWPgop_M

Thank you for your quick answer,

We have got:

Cisco ASA 5510 firewall with Cisco ASDM

Cisco ME 3400E router

Cisco Catalyst 3750 switch

The VLAN for example 12 cannot access the internet and that is where the users need to insert data on the external website.

So this is what you suggest me to do:

1) Allow the internet connection on VLAN 12 (sorry if it is a silly question, but I must do this on the router, right? I cannot allow internet connection through the switch)

2) Filter all sites except the website they need to access

Is it possible to simulate this website with a static IP address as if it were within the LAN?

Thank you again

Hello,

In addition to Mark's post, since you have an ASA 5510, it is highly probable that all NAT is done on that device. The 5510 is fairly old; can you check what version you are running (pre 8.3 or some 9.x version)?

Hello!

Our version is:

Cisco Adaptive Security Appliance Software Version 9.0(3)
Device Manager Version 7.1(6)

Cisco ASDM 7.1

I checked the firewall --> configuration --> Nat Rules. I found different rules on other VLANs but there is nothing concerning VLAN 12.

Could it be possible those rules are on another device?

Thank you for your support
