ACL and white list

Hello all

Which is the right ACL to permit web traffic only to a specific "white list" of web addresses and deny the other web destinations for all the internal LAN IP addresses, with no restrictions for some others? The IOS version is 12.4-4(T2)advipservicesk9. Thanks a lot, Piertonio
Reply to
piertonio

! no restrictions for some internal hosts
access-list 101 permit ip host XX.YY.ZZ.AA any
access-list 101 permit ip host XX.YY.ZZ.BB any
access-list 101 permit ip host XX.YY.ZZ.CC any
! permit internal hosts to specific http sites
! (IOS ACLs take a wildcard (inverse) mask, so a /24 is written 0.0.0.255)
access-list 101 permit tcp XX.YY.ZZ.00 0.0.0.255 host EE.FF.GG.HH eq 80
access-list 101 permit tcp XX.YY.ZZ.00 0.0.0.255 host II.JJ.KK.LL eq 80
access-list 101 permit tcp XX.YY.ZZ.00 0.0.0.255 host MM.NN.OO.PP eq 80
access-list 101 permit tcp XX.YY.ZZ.00 0.0.0.255 host QQ.RR.SS.TT eq 80
! permit internal hosts to specific https sites
access-list 101 permit tcp XX.YY.ZZ.00 0.0.0.255 host EE.FF.GG.HH eq 443
access-list 101 permit tcp XX.YY.ZZ.00 0.0.0.255 host II.JJ.KK.LL eq 443
access-list 101 permit tcp XX.YY.ZZ.00 0.0.0.255 host MM.NN.OO.PP eq 443
access-list 101 permit tcp XX.YY.ZZ.00 0.0.0.255 host QQ.RR.SS.TT eq 443
! any other traffic you want to permit goes here
! for example, dns and email
access-list 101 permit udp XX.YY.ZZ.00 0.0.0.255 any eq 53
access-list 101 permit tcp XX.YY.ZZ.00 0.0.0.255 any eq 25
! everything not listed above as permitted is automatically denied
! you do not need to end with an explicit 'deny'.

Reply to
Walter Roberson
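
IOS evaluates an extended ACL top-down, stops at the first matching entry, and denies whatever matches no entry; addresses are compared using wildcard (inverse) masks. The following is an added example, not part of the original posts: a small Python model of that evaluation. The addresses are constructed documentation ranges, and the helper names (parse, wild_match, evaluate) are hypothetical.

```python
# Added example: first-match evaluation of an IOS-style extended ACL.
# All addresses are constructed (RFC 5737 documentation ranges).
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wild_match(addr, base, wildcard):
    # IOS wildcard mask: 0 bits must match, 1 bits are "don't care".
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

def parse(line):
    """Parse 'permit|deny proto SRC DST [eq port]', where SRC/DST is
    'any', 'host A' or 'A WILDCARD'."""
    tok = line.split()
    action, proto, rest = tok[0], tok[1], tok[2:]
    def take(rest):
        if rest[0] == "any":
            return ("0.0.0.0", "255.255.255.255"), rest[1:]
        if rest[0] == "host":
            return (rest[1], "0.0.0.0"), rest[2:]
        return (rest[0], rest[1]), rest[2:]
    src, rest = take(rest)
    dst, rest = take(rest)
    port = int(rest[1]) if rest[:1] == ["eq"] else None
    return action, proto, src, dst, port

def evaluate(acl, proto, src, dst, dport=None):
    for line in acl:
        action, p, s, d, port = parse(line)
        if p not in ("ip", proto):
            continue               # protocol does not apply
        if port is not None and port != dport:
            continue               # destination port does not apply
        if wild_match(src, *s) and wild_match(dst, *d):
            return action          # first match wins
    return "deny"                  # implicit deny at the end of every ACL

ACL = [
    "permit ip host 192.0.2.10 any",                            # unrestricted host
    "permit tcp 192.0.2.0 0.0.0.255 host 198.51.100.80 eq 80",  # whitelisted site
    "permit tcp 192.0.2.0 0.0.0.255 host 198.51.100.80 eq 443",
    "permit udp 192.0.2.0 0.0.0.255 any eq 53",                 # DNS
]
```

Writing a netmask (255.255.255.0) where a wildcard is expected makes the entry match on the last octet only, so ordinary LAN hosts fall through to the implicit deny.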

Thanks a lot, Mr. Roberson, your answers were very useful.

"Walter Roberson" wrote in message news:2Dstg.167169$IK3.52686@pd7tw1no...

Reply to
piertonio
