Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Search Search
Search for:
Tech Support Guy Forums > > >

How to block internet access for an IP on ASA 5505


(!)

Reply
lesky's Avatar
Junior Member with 1 posts.
THREAD STARTER
  
Join Date: Mar 2011
Experience: Intermediate
15-Mar-2011, 06:59 AM #1
How to block internet access for an IP on ASA 5505
Hi all,

How do I configure Cisco ASA 5505 (using ASDM 5.2) to block a workstation (IP address) from accessing internet completely? I was trying to set up a new incoming access rule for outside interface to deny any IP traffic to that workstation but it doesn't work from some reason - the workstation can still access the internet. The ASA has no special settings, only a few ports opened for servers (see attached screenshot).

Thanks.
Attached Thumbnails
How to block internet access for an IP on ASA 5505-asa_screenshot.jpg  
zx10guy's Avatar
zx10guy has a Photo Album
Computer Specs
Trusted Advisor with 3,418 posts.
  
Join Date: Mar 2008
15-Mar-2011, 10:10 AM #2
I don't think that rule is working because the return traffic from the internet is going to have a destination IP address of your public IP you're using to NAT your internal IPs (assuming you're using a NAT overload.) I think you'll have to do it from the inside interface and it's usually best practices to put ACL restrictions closests to the host traffic you're trying to regulate. The reason is you cut down on unnecessary processing of return traffic which wouldn't normally need to be processed.
Email This Email  Print This Print  Tweet This Send to Facebook Send to MySpace Send to StumbleUpon Digg This | More Services More
Reply
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join Today!

Tags
access rule, asa, block internet access, firewall

(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!

« Previous Thread | Networking | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


TECH SUPPORT GUY
WELCOME
FOLLOW US
 
You Are Using: Server ID
All times are GMT -4. The time now is 04:59 PM.
Advertisements do not imply our endorsement of that product or service.
Copyright © 1996 - 2013 TechGuy, Inc. All rights reserved. Privacy & Terms.

Trusted Website Back to the Top ↑