• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 192
  • Last Modified:

Access List Issues

Hey everyone. I'm having an issue with writing an ACL to stop 13 specific machines from having access outside of our LAN, most importantly the internet. I've tried writing up an acl as a host and blocking it:

access-list 101 deny tcp host 172.25.X.X eq 80 any eq 80

which didnt work. I have also tried doing it as just

access-list 101 deny tcp 172.25.X.X 0.0.0.255 eq www any

which again didnt work. The access-group is being applied to in on fa0. There are only two static routes on the router. One is between sites over a t1 and the other moves all off LAN traffic to another router for internet traffic:

other site (172.25.x.x 255.255.255.0 192.168.X.X)
internet (0.0.0.0 0.0.0.0 172.25.X.X)

Anyone have any ideas?
0
skitechnh
Asked:
skitechnh
1 Solution
 
JFrederick29Commented:
You are trying to block outbound access from these machines to the Internet on port 80 only?  Is the fa0 interface connected to the Internet router?  If so, apply this access-list outbound:

conf t
ip access-list ext 150
deny tcp host 172.25.x.x any eq 80   <-first host
deny tcp host 172.25.x.x any eq 80   <-second host
deny tcp host 172.25.x.x any eq 80   <-third host
...<hosts 4-13>
permit ip any any

int fa0
ip access-group 150 out
0
 
skitechnhAuthor Commented:
Fantastic thank you!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now