Block internal IP with Cisco PIX 501

Can I block a specific internal IP or range of IP from accessing the outside interface ie internet on a PIX 501. If so, I was hoping for a little help with the command line. Thanks in advance!

Reply to
Loading thread data ...

You have to define an access-list that matches the IP range you want to block, e.g. access-list nointernet deny access-group nointernet out interface outside This should do the trick.

Regards, Christoph Gartmann

Reply to
Christoph Gartmann

You can't apply an access list 'out' on the outside interface on a Pix 501. That is only supported in version 7.

Try ..

access-list nointernet deny ip any access-list nointernet permit ip any any

access-group nointernet in interface inside

Or, you just set up NAT/PAT for the networks that you wish to have outbound access.


Reply to


Reply to
jawdoc Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.