Block internal IP with Cisco PIX 501

Discussion in 'Cisco' started by jawdoc, Mar 6, 2007.

  1. jawdoc

    jawdoc Guest

    Can I block a specific internal IP or range of IP from accessing the
    outside interface ie internet on a PIX 501.
    If so, I was hoping for a little help with the command line.
    Thanks in advance!
    jawdoc, Mar 6, 2007
    1. Advertisements

  2. You have to define an access-list that matches the IP range you want to block,
    access-list nointernet deny
    access-group nointernet out interface outside
    This should do the trick.

    Christoph Gartmann

    Max-Planck-Institut fuer Phone : +49-761-5108-464 Fax: -452
    Postfach 1169 Internet: [email protected] dot mpg dot de
    D-79011 Freiburg, Germany
    Christoph Gartmann, Mar 7, 2007
    1. Advertisements

  3. jawdoc

    chris Guest

    You can't apply an access list 'out' on the outside interface on a Pix 501.
    That is only supported in version 7.

    Try ..

    access-list nointernet deny ip any
    access-list nointernet permit ip any any

    access-group nointernet in interface inside

    Or, you just set up NAT/PAT for the networks that you wish to have outbound

    chris, Mar 7, 2007
  4. jawdoc

    jawdoc Guest

    jawdoc, Mar 7, 2007
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.