Block internal IP with Cisco PIX 501

Discussion in 'Cisco' started by jawdoc, Mar 6, 2007.

  1. jawdoc

    jawdoc Guest

    Can I block a specific internal IP or range of IP from accessing the
    outside interface ie internet on a PIX 501.
    If so, I was hoping for a little help with the command line.
    Thanks in advance!
     
    jawdoc, Mar 6, 2007
    #1

    1. Advertisements

  2. jawdoc

    Christoph Gartmann Guest

    You have to define an access-list that matches the IP range you want to block,
    e.g.
    access-list nointernet deny 1.2.3.0 255.255.255.0
    access-group nointernet out interface outside
    This should do the trick.

    Regards,
    Christoph Gartmann

    --
    Max-Planck-Institut fuer Phone : +49-761-5108-464 Fax: -452
    Immunbiologie
    Postfach 1169 Internet: [email protected] dot mpg dot de
    D-79011 Freiburg, Germany
    http://www.immunbio.mpg.de/home/menue.html
     
    Christoph Gartmann, Mar 7, 2007
    #2

    1. Advertisements

  3. jawdoc

    chris Guest


    You can't apply an access list 'out' on the outside interface on a Pix 501.
    That is only supported in version 7.

    Try ..

    access-list nointernet deny ip 1.2.3.0 255.255.255.0 any
    access-list nointernet permit ip any any

    access-group nointernet in interface inside

    Or, you just set up NAT/PAT for the networks that you wish to have outbound
    access.

    Chris.
     
    chris, Mar 7, 2007
    #3
  4. jawdoc

    jawdoc Guest

    Thanks!
     
    jawdoc, Mar 7, 2007
    #4

    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Similar Threads

  1. Cisco PIX 501 Problem reaching internal networks

  2. PIX 501 <-> PIX 501 - Problem contating private networks on the inside

  3. Cisco PIX 501 - Port forwarded to an internal host via Static NAT doesn't work from internal host

  4. Cisco pix 501 vs 501-50

  5. PIX 501 - resolving internal host ip with public ip

  6. Can connect to PIX 501 with VPN client and ping internal addresses but some issues

  7. Cisco PIX 501 - VPNC connections blocked from internal lan to externalend-point

  8. Block inbound ports 443 and 22 on a Cisco PIX 501

Loading...