Sounds good..make an acl like the following Access-list acl out deny tcp xxx.xxx.xxx.xxx eq 80
Then same for acl in for 80 and 443 -----Original Message----- From: "Roger Wright" <[EMAIL PROTECTED]> To: "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com> Sent: 10/1/08 2:55 PM Subject: RE: Need to take away internet access for a user.. Give the machine a static IP address and deny 80/443 traffic to/from that workstation on the PIX. Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388 _____ From: Chyka, Robert [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 01, 2008 2:49 PM To: NT System Admin Issues Subject: Need to take away internet access for a user.. We have a windows 2003 domain and a Cisco infrastructure at a small site (Pix 515, Cisco 3560s). what is the easiest way to take away internet access for a workstation? Is there anything I can do at the pix. Ie.block port 80 traffic for a certain ip etc.? The user is savvy....at first I added a fake proxy setting in IE, but they found it. Management doesn't want to tell them straight out yet.... Thanks for any help.. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~