From: b_lamine@yahoo.fr
Date: Fri Aug 03 2007 - 14:48:05 ART
Hello experts,
I have faced some problems using NBAR to block web traffic.
################################################################
class-map match-any ACCEPTED_WEB
 match protocol http url "*degrouptest.com*"
 match protocol http url "*orange.fr*"
 match protocol http url "*clubinternet.fr*"
class-map match-all MANAGER
 match access-group 1
!
policy-map TRAFFIC
 class MANAGER
  set ip dscp 1
 class ACCEPTED_WEB
  set ip dscp 1
!
interface FastEthernet0/0
 ip address 192.168.0.1 255.255.255.0
 ip nbar protocol-discovery
 ip nat inside
 service-policy input TRAFFIC
!
interface FastEthernet0/1
 ip address 196.46.253.102 255.255.255.252
 ip nat outside
!
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
!
!
ip nat inside source list 102 interface FastEthernet0/1 overload
!
access-list 1 permit 192.168.0.90
access-list 1 permit 192.168.0.36
access-list 1 permit 192.168.0.9
access-list 1 permit 192.168.0.10
access-list 102 permit ip 192.168.0.0 0.0.0.255 any dscp 1
################################################################
Hosts permitted by access-list 1 can access the Internet; the others cannot, even if they try to access one of the three permitted websites.
Any solution, please?
Thanks
Lamine
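
A simplified model of the posted policy, added here as an example (not part of the original message and not Cisco code). It assumes NBAR can match `match protocol http url` only on a packet that carries the HTTP request, and that a packet NAT does not translate never gets a reply; the function names and the host 192.168.0.50 are hypothetical.

```python
from fnmatch import fnmatch
from ipaddress import ip_address, ip_network

# Values copied from the posted configuration.
ACL1_HOSTS = {"192.168.0.90", "192.168.0.36", "192.168.0.9", "192.168.0.10"}
URL_GLOBS = ["*degrouptest.com*", "*orange.fr*", "*clubinternet.fr*"]
INSIDE_NET = ip_network("192.168.0.0/24")


def dscp_after_policy(src, http_request=None):
    """DSCP left on a packet by policy-map TRAFFIC (0 = unmarked)."""
    if src in ACL1_HOSTS:  # class MANAGER: matched on source address alone
        return 1
    # class ACCEPTED_WEB. Assumption: only a packet carrying the HTTP
    # request can match; host and path are both tested, which is generous.
    if http_request and any(fnmatch(http_request, g) for g in URL_GLOBS):
        return 1
    return 0


def nat_translates(src, dscp):
    """access-list 102: permit ip 192.168.0.0 0.0.0.255 any dscp 1."""
    return ip_address(src) in INSIDE_NET and dscp == 1


def trace_flow(src, http_request):
    """Walk one web fetch packet by packet; stop where NAT refuses."""
    # Constructed sequence: the SYN has no payload, the GET comes later.
    packets = [("tcp-syn", None), ("http-get", http_request)]
    log = []
    for name, payload in packets:
        ok = nat_translates(src, dscp_after_policy(src, payload))
        log.append((name, ok))
        if not ok:
            break  # untranslated packet: no reply, so the GET is never sent
    return log


if __name__ == "__main__":
    print(trace_flow("192.168.0.90", "www.example.com/"))  # ACL 1 host
    print(trace_flow("192.168.0.50", "www.orange.fr/"))    # other host
```

In this model the non-manager host stops at the SYN: the packet that could be classified by URL is never sent because the handshake before it is not translated. The same applies to the DNS lookup that precedes the connection when the resolver is outside.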
This archive was generated by hypermail 2.1.4 : Sat Sep 01 2007 - 11:32:09 ART