Accesslist Questions

[userice]

We have two Accounting PCs, and We wants to setup access rules so those two PCs can only access two Internet IP addresses. We want to deny all other IP address. We also want to log it if they tried to access other IP addresses. What sould I do?
Thanks

 

[unclerico]

It would be best if you post your current ACL so that we can help you with the proper placement of the new ACE's that need to be created.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[userice]

I don’t have any ACL.
Accounting PC: 192.168.10.10
Bank’s Website IP: 10.10.10.x, 10.10.10.y

I would like to setup ACL for this Accounting PC (192.168.10.10), so it can access two Banks’ website IPs only. Is that doable with ASA?

 

[brianinms]

access-list inside-access-outbound permit ip host 192.168.10.10 host 10.10.10.x
access-list inside-access-outbound permit ip host 192.168.10.10 host 10.10.10.y
access-list inside-access-outbound deny ip host 192.168.10.10 any
access-list inside-access-outbound permit ip any any

access-group inside-access-outbound in interface inside

 

[userice]

If there anyway I can do syslog when the Accounting PC is accessing IPs that are denied?

 

[brianinms]

change

access-list inside-access-outbound deny ip host 192.168.10.10 any


To

access-list inside-access-outbound deny ip host 192.168.10.10 any log