On my Cisco ASA5510, I do the following:

object-group network no_internet_allowed
 network-object host 10.xx.xx.xx
access-list 102 deny ip object-group no_internet_allowed any
access-list 102 permit ip any any
access-group 102 in interface inside

--
Kevin Kelly
Director, Network Technology
Whitman College

Chyka, Robert wrote:
We have a Windows 2003 domain and a Cisco infrastructure at a small site
(PIX 515, Cisco 3560s). What is the easiest way to take away internet
access for a workstation? Is there anything I can do at the PIX,
i.e. block port 80 traffic for a certain IP, etc.?
The user is savvy…. At first I added a fake proxy setting in IE, but they
found it. Management doesn’t want to tell them straight out yet….
Thanks for any help..