
ACL question


ccnguy

Technical User
Sep 1, 2002
40
US
Hello,

Need to stop a certain ip from getting to internet and the internet from getting to this ip.
This is what I have:

access-list 100 deny <internet ip> 0.0.0.0 <internal ip>
access-group 100 in

101 deny <internal ip> 0.0.0.0 <internet ip>
access-group 101 out

Am I barking up the right tree?

Thanks
 
Hello......

On the inside interface you could do the following:
Let's say 192.168.2.20 is the blockee

interface e0
ip access-group 100 in
ip access-group 101 out

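! Match on the destination port only; the client's source port is ephemeral, not 80
access-list 100 deny tcp host 192.168.2.20 any eq 80
access-list 100 permit ip any any

! Return traffic from a web server has source port 80 and an ephemeral destination port
access-list 101 deny tcp any eq 80 host 192.168.2.20
access-list 101 permit ip any any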

Also, put the access-list in place first and then apply it to the interface so as not to kill access to the router via telnet.

The above will only block and allow all other traffic. You want to be specific so that still has access to the network but is blocked from the web.
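
For the original question (cutting one inside host off from the Internet in both directions, not just the web), the following is an added example and not part of either post. It reuses 192.168.2.20 and interface e0 from the reply; the internal range 192.168.0.0/16 is an assumption.

```cisco
! Added example. Assumption: 192.168.0.0/16 covers every internal network.
!
! Step 1: build both lists completely before binding them to the interface.
! Every ACL ends with an implicit "deny ip any any", so the final permit
! line is what keeps all other hosts (and management access) working.
!
! ACL 100 filters packets arriving on e0 from the inside LAN.
access-list 100 permit ip host 192.168.2.20 192.168.0.0 0.0.255.255
access-list 100 deny   ip host 192.168.2.20 any log
access-list 100 permit ip any any
!
! ACL 101 filters packets leaving e0 toward the inside LAN.
access-list 101 permit ip 192.168.0.0 0.0.255.255 host 192.168.2.20
access-list 101 deny   ip any host 192.168.2.20 log
access-list 101 permit ip any any
!
! Step 2: only now apply the lists.
interface e0
 ip access-group 100 in
 ip access-group 101 out
```

Entries are evaluated top-down and the first match wins, so the internal permit has to sit above the deny. `show access-lists` displays per-entry match counters, which confirms the deny lines are being hit.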
 