Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Access List Issues

Posted on 2008-06-23
2
Medium Priority
?
186 Views
Last Modified: 2010-04-12
Hey everyone. I'm having an issue with writing an ACL to stop 13 specific machines from having access outside of our LAN, most importantly the internet. I've tried writing up an acl as a host and blocking it:

access-list 101 deny tcp host 172.25.X.X eq 80 any eq 80

which didnt work. I have also tried doing it as just

access-list 101 deny tcp 172.25.X.X 0.0.0.255 eq www any

which again didnt work. The access-group is being applied to in on fa0. There are only two static routes on the router. One is between sites over a t1 and the other moves all off LAN traffic to another router for internet traffic:

other site (172.25.x.x 255.255.255.0 192.168.X.X)
internet (0.0.0.0 0.0.0.0 172.25.X.X)

Anyone have any ideas?
0
Comment
Question by:skitechnh
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 2000 total points
ID: 21846064
You are trying to block outbound access from these machines to the Internet on port 80 only?  Is the fa0 interface connected to the Internet router?  If so, apply this access-list outbound:

conf t
ip access-list ext 150
deny tcp host 172.25.x.x any eq 80   <-first host
deny tcp host 172.25.x.x any eq 80   <-second host
deny tcp host 172.25.x.x any eq 80   <-third host
...<hosts 4-13>
permit ip any any

int fa0
ip access-group 150 out
0
 

Author Comment

by:skitechnh
ID: 21846367
Fantastic thank you!
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
Hello , This is a short article on how would you go about enabling traceoptions on a Juniper router . Traceoptions are similar to Cisco debug commands but these traceoptions are implemented in Juniper networks router . The following demonstr…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question