Re: Block the IP....

rajput_p · ‎11-30-2004

Hi

i have a very basic ACL question. See we have one proxy server every body ll be acces the server now what we did we installed the WEBSENSE on the proxy server and we block all the mailing site like yahoo,rediff etc...but what we see in the person who ll be siting on nateed machin who search on net some free proxy ip and they use that ip in internet lan setting and now they can acces every thing so my ques is how can i block these ip & any ACL.....so nobody can acces this ip...imediate reply ll be apriciate...

Thanx in Advance

Rgards

Pawan Rajput

sachinraja · ‎12-01-2004

Hi Rajput,

You can do this by two ways:

1) To nat/PAT only your internal proxy servers IP for browsing.. by doing this, the users need to forcefully put your proxy server's IP to browse. they cannot browse by using other proxy server IPs on the internet, as they are not NATed at all..

nat (inside) 1 192.168.1.10 (proxy IP)

global (outside) 1 interface

You can add the IPs on the nat inside statement if they want direct internet access...

2) The second way is to block these connections using an access-list.. Allow http/https access only from the internal Proxy IP & block everything else..

access-list inside permit tcp host 192.168.1.10 any eq http

access-list inside permit tcp host 192.168.1.10 any eq https

you can keep adding the access permissions that you need from inside to outside..

access-group inside in interface inside

there is an implicit deny at the end, which will block other data packets..

hope this helps.. all the best..