To all, WebSense, and N2H2 (in 6.2), are good solutions if you want to filter web CONTENT--if you have a statitic list of sites, then using an ACL will do the job. Another solution, especially if you have roaming users and their IPs are assigned via DHCP, is to use Cut-Through proxy--with this solution, the user must authenticate BEFORE you allow the connection going out. This gives you per-group control on who access what. This can be used for traffic in BOTH directions on the PIX.
Cheers! -- Richard A. Deal Visit my home page at http://home.cfl.rr.com/dealgroup/ Author of Cisco PIX Firewalls, CCNA Secrets Revealed!, CCNP Remote Access Exam Prep, CCNP Switching Exam Cram, and CCNP Cisco LAN Switch Configuration Exam Cram Cisco Test Prep author for QuizWare, providing the most comprehensive Cisco exams on the market. ""Brad"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Kevin, > > Hi! I would say the best way to do something like this would probably be > using Websense (or similar software) in conjunction with your Pix. I've > setup Websense before, and it's pretty easy. > > thanks, > -Brad Ellis > CCIE#5796 (R&S / Security) > Network Learning Inc > [EMAIL PROTECTED] > www.optsys.net (Cisco hardware) > > ""Kevin O'Gilvie"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hi All, > > > > I would like to create a group lets say x,x,x,x-x.x.x.x and restrict them > to > > only certain websites, I am guessing I will have to use ip addresses of > > those sites, but still allow them to access the local network.. > > Whats the best way to go about this. > > I have been using groups in my configs thus far.. > > > > BTW- I love you guys in this group, it has to be the best news group > around > > right now, lets keep the standards high and weed out the slackers that are > > trying to water down the CCIE's. We are doing more work for less money and > > the main reason why is because we are settling, we work damn hard and > invest > > time and money to achieve these goals, and should be awarded as such. I > dont > > see doctors building practice labs in there homes to cure patients, nor > > lawyers building practice court rooms.. > > > > Sorry for the ranting but every year it seems you have to have more and > more > > letters after your name to earn a decent living in this technology arena, > > when we are the ones that are enabling these million and billion dollar > > companies to do business seemlessly anytime and anywhere.. > > > > -Kevin > > > > _________________________________________________________________ > > The new MSN 8: smart spam protection and 2 months FREE* > > http://join.msn.com/?page=features/junkmail Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59076&t=58861 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
