Can you explain something to me, please

Everything to do with networks

Moderator: Federico.Lagni

valerio1976
Network Emperor
Posts: 263
Joined: Fri 05 Mar, 2010 9:05 am

Current configuration : 4043 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Levan
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!

!
ip domain name xxxx.it
ip name-server 212.216.112.122
!
!
interface Null0
no ip unreachables
!
!
enable password xxxx
!
!
crypto isakmp policy 20
encr 3des
authentication pre-share
group 2
crypto isakmp key 123456 address 89.97.xxx.xx
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto map mymap 10 ipsec-isakmp
set peer 89.97.xxx.xxx
set security-association lifetime kilobytes 86400
set security-association lifetime seconds 28800
set transform-set myset
match address 101
!
!
!
interface FastEthernet0/0
description *** lan inside ***
ip address 192.168.16.201 255.255.255.0
ip access-group 110 in
ip nat inside
no ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
description *** Wan point-point ***
ip address 217.24.xxx.xxx 255.255.255.252
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1412
duplex auto
speed auto
no cdp enable
no mop enabled
crypto map mymap
!
ip classless
ip route 0.0.0.0 0.0.0.0 217.24.xxx.xxx
!
ip http server
no ip http secure-server
ip nat inside source list 102 interface FastEthernet0/1 overload
!
no access-list 100
no access-list 102
no access-list 101
no access-list 110
no access-list 120
access-list 101 remark
access-list 101 permit ip 192.168.16.0 0.0.0.255 192.168.4.0 0.0.3.255
access-list 102 deny ip 192.168.16.0 0.0.0.255 192.168.4.0 0.0.3.255
access-list 103 deny ip 192.168.16.0 0.0.0.255 host www.facebook.it
access-list 103 deny ip 192.168.16.0 0.0.0.255 host www.facebook.com
access-list 103 deny ip 192.168.16.0 0.0.0.255 host www.facebook.co.uk
access-list 103 deny ip 192.168.16.0 0.0.0.255 host www.youporn.com
access-list 103 deny ip 192.168.16.0 0.0.0.255 host www.redtube.com
access-list 103 deny ip 192.168.16.0 0.0.0.255 host www.youtube.it
access-list 103 deny ip 192.168.16.0 0.0.0.255 host www.youtube.com
access-list 103 permit icmp any host 192.168.16.201 echo-reply
access-list 103 permit icmp any host 192.168.16.201 time-exceeded
access-list 103 permit icmp any host 192.168.16.201 unreachable
access-list 103 deny ip 10.0.0.0 0.255.255.255 any
access-list 103 deny ip 172.16.0.0 0.15.255.255 any
access-list 103 deny ip 127.0.0.0 0.255.255.255 any
access-list 103 deny ip host 255.255.255.255 any
access-list 103 deny ip host 0.0.0.0 any
access-list 103 permit ip 192.168.16.0 0.0.0.255 any
access-list 103 deny ip any any
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 5
password test
login
!
!
end


Can you explain one small thing to me: if I wanted to block the sites I put in ACL 103, I have to apply it to the inside interface, right?

I tried both in and out, but everything gets blocked.
Where am I going wrong?

Thanks
ciscomanagement
Network Emperor
Posts: 229
Joined: Mon 03 Oct, 2005 7:17 pm
Location: Sicilia

Wrong section, post in "configurazioni"
valerio1976
Network Emperor
Posts: 263
Joined: Fri 05 Mar, 2010 9:05 am

ciscomanagement wrote: Wrong section, post in "configurazioni"

sorry

thanks