# Cisco 1700 Configuration



## jeromemathew (Oct 24, 2006)

Hi All
I am in search for a long standing problem at my workplace. We are a small setup. anybody can access anynetwork resource... internet etc. i want to make it more controllable. 
here my problem
we are in a Class C network our network protected by Pix firewall(NAT). and our network connected to another class C network thru a cisco 1700 router also. now i have the router ip at the default gateway in all the machines. router routes the requests for the other class c network to there and rest of the requests to pix and it goes to internet. now i want to have a restriction on the requests goes to internet. what i thought in simple terms as below

if {request from ip} between 192.168.1.1 to 192.168.1.10 
Router should route to either to 192.168.2.0 or internet
elseif {request from ip} between 192.168.1.11 to 192.168.1.249
Router should route only to 192.168.2.0 (not to internet)
endif

can anybody help me to advice on the proper router commands?

Hope this clarifies my request, if any more info required pls let me know.

regret the improper grammer and punctuation!

regards 
jerome


----------



## cjessee (Aug 22, 2005)

Which are you trying to control? Internet access, or resource access?


----------



## jeromemathew (Oct 24, 2006)

Hi
Basically i want to control the internet access for the users...


----------



## cjessee (Aug 22, 2005)

The only way that I can think to do it would be with a firewall or with a domain controller... or with the internal DNS. I don't think that the cisco switch has the features to filter what sites they go to and which one they do not. Although, you could remove access of the internet all together by putting the users you want to limit on their own switch and then making sure that switch does not have a gateway. But this will require that you still pass down a GPO that limits their ability to change their TCP/IP configurations. So if you are going to do that... just put in a false gateway and lock it down.

I personally have a software firewall out in front in which I can filter domain names. So I have things like myspace.com and games.yahoo.com blocked so they can't go to these sites. Is this what you are looking for?


----------

