Block internal IP with Cisco PIX 501

Can I block a specific internal IP or range of IPs from accessing the outside interface, i.e. the internet, on a PIX 501? If so, I was hoping for a little help with the command line. Thanks in advance!

Reply to
jawdoc

You have to define an access-list that matches the IP range you want to block, e.g.

access-list nointernet deny 1.2.3.0 255.255.255.0
access-group nointernet out interface outside

This should do the trick.

Regards, Christoph Gartmann

Reply to
Christoph Gartmann

You can't apply an access list 'out' on the outside interface on a Pix 501. That is only supported in version 7.

Try ..

access-list nointernet deny ip 1.2.3.0 255.255.255.0 any
access-list nointernet permit ip any any

access-group nointernet in interface inside

Or, you just set up NAT/PAT for the networks that you wish to have outbound access.

Chris.

Reply to
chris

Thanks!

Reply to
jawdoc
