
How to block internet access for an IP on ASA 5505

Discussion in 'Networking' started by lesky, Mar 15, 2011.

Thread Status:
Not open for further replies.
  1. lesky

    lesky Thread Starter

    Mar 15, 2011
    Hi all,

    How do I configure a Cisco ASA 5505 (using ASDM 5.2) to block a workstation (IP address) from accessing the internet completely? I was trying to set up a new incoming access rule for the outside interface to deny any IP traffic to that workstation, but it doesn't work for some reason - the workstation can still access the internet. The ASA has no special settings, only a few ports opened for servers (see attached screenshot).


  2. zx10guy

    zx10guy Trusted Advisor

    Mar 30, 2008
    I don't think that rule is working because the return traffic from the internet is going to have a destination IP address of your public IP you're using to NAT your internal IPs (assuming you're using a NAT overload). I think you'll have to do it from the inside interface, and it's usually best practice to put ACL restrictions closest to the host traffic you're trying to regulate. The reason is you cut down on unnecessary processing of return traffic which wouldn't normally need to be processed.
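
The inside-interface approach suggested in the reply above, written out as ASA CLI; this is an added example and not part of the original thread. The workstation address 192.168.1.50, the ACL names, and the interface names inside/outside are assumptions, and `packet-tracer` assumes ASA software 7.2(1) or later.

```cisco
! Added example, not from the thread. Assumed values: workstation
! 192.168.1.50, ACL name inside_access_in, interfaces inside/outside.

! What the question describes (shown commented out): an inbound rule on
! the outside interface that matches the workstation's private address.
! With NAT overload, replies from the internet are addressed to the ASA's
! public IP, so this entry never matches them.
! access-list outside_access_in extended deny ip any host 192.168.1.50

! Drop the workstation's traffic where it enters the firewall instead.
! "line 1" places the deny ahead of any entries already in the ACL.
access-list inside_access_in line 1 extended deny ip host 192.168.1.50 any

! Once an ACL is bound to the inside interface, the default "permit to
! lower security level" no longer applies and an implicit deny ends the
! list, so every other inside host needs an explicit permit.
access-list inside_access_in extended permit ip any any

! Bind the ACL to traffic arriving on the inside interface.
access-group inside_access_in in interface inside

! Verification (privileged EXEC):
! the hitcnt on the deny line should rise when the workstation tries to browse.
show access-list inside_access_in
! Simulate a web request from the workstation; 203.0.113.10 is a
! documentation address used as a constructed destination.
packet-tracer input inside tcp 192.168.1.50 1025 203.0.113.10 80
```

If an ACL is already bound to the inside interface, add the deny entry to that ACL rather than binding a second one, since an interface takes one ACL per direction.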

Short URL to this thread: https://techguy.org/986036