Access List Issues

Hey everyone. I'm having an issue with writing an ACL to stop 13 specific machines from having access outside of our LAN, most importantly the internet. I've tried writing up an acl as a host and blocking it:

access-list 101 deny tcp host 172.25.X.X eq 80 any eq 80

which didnt work. I have also tried doing it as just

access-list 101 deny tcp 172.25.X.X 0.0.0.255 eq www any

which again didnt work. The access-group is being applied to in on fa0. There are only two static routes on the router. One is between sites over a t1 and the other moves all off LAN traffic to another router for internet traffic:

other site (172.25.x.x 255.255.255.0 192.168.X.X)
internet (0.0.0.0 0.0.0.0 172.25.X.X)

Anyone have any ideas?
skitechnhAsked:
Who is Participating?
 
JFrederick29Commented:
You are trying to block outbound access from these machines to the Internet on port 80 only?  Is the fa0 interface connected to the Internet router?  If so, apply this access-list outbound:

conf t
ip access-list ext 150
deny tcp host 172.25.x.x any eq 80   <-first host
deny tcp host 172.25.x.x any eq 80   <-second host
deny tcp host 172.25.x.x any eq 80   <-third host
...<hosts 4-13>
permit ip any any

int fa0
ip access-group 150 out
0
 
skitechnhAuthor Commented:
Fantastic thank you!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.