Hey everyone. I'm having an issue with writing an ACL to stop 13 specific machines from having access outside of our LAN, most importantly the internet. I've tried writing up an acl as a host and blocking it:
access-list 101 deny tcp host 172.25.X.X eq 80 any eq 80
which didnt work. I have also tried doing it as just
access-list 101 deny tcp 172.25.X.X 0.0.0.255 eq www any
which again didnt work. The access-group is being applied to in on fa0. There are only two static routes on the router. One is between sites over a t1 and the other moves all off LAN traffic to another router for internet traffic:
other site (172.25.x.x 255.255.255.0 192.168.X.X)
internet (0.0.0.0 0.0.0.0 172.25.X.X)
Anyone have any ideas?