I need to do the following:
nat (inside) 1 0 0
global (outside) 1 interface
access-list External permit icmp any any echo-reply
access-list External deny ip any any log
access-list Internal permit tcp any any eq 23
access-list Internal permit tcp any any eq 80
access-list Internal permit udp any any eq 53
access-group External in interface outside
access-group Internal in interface inside
The problem is that users on the inside use AOL Instant Messenger via port 23, and I would like to block them from using AOL IM on port 23 while still allowing legitimate telnet to go through. I do NOT want to block the AOL IM destination server in the ACL. I want the PIX to be smart enough to accomplish this via application inspection.
I can do this rather easily with Checkpoint SmartDefense, which is built in to the Checkpoint firewall. I am migrating over to Cisco PIX and would like to do the same thing.
Any ideas on how to do this? Thanks.
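To illustrate the crux of the question, here is an added example (not from the original post or from Cisco): a small evaluator for the PIX-style access-list lines quoted above, using PIX first-match semantics with the implicit deny at the end. It only handles the subset of ACL syntax that appears in the post, and the flows it classifies are constructed; it shows that a port-based entry cannot distinguish telnet from AOL IM carried over TCP/23, which is why the distinction has to come from application inspection rather than from the ACL.

```python
"""Added example: evaluate PIX-style ACL entries from the post over
constructed flows.  Both telnet and AIM-over-23 hit the same entry."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Ace:
    action: str               # "permit" or "deny"
    proto: str                # "tcp", "udp", "icmp" or "ip" (ip matches all)
    dst_port: Optional[int]   # None means any destination port


@dataclass(frozen=True)
class Flow:
    proto: str
    dst_port: int
    application: str          # what is really inside the session (constructed)


def parse_acl(lines: List[str]) -> Dict[str, List[Ace]]:
    """Parse 'access-list NAME permit|deny PROTO any any [eq PORT]' lines,
    grouped by ACL name.  Keywords such as 'log' or 'echo-reply' are ignored."""
    acls: Dict[str, List[Ace]] = {}
    for line in lines:
        parts = line.split()
        if parts[:1] != ["access-list"]:
            continue
        name, action, proto = parts[1], parts[2], parts[3]
        port = int(parts[parts.index("eq") + 1]) if "eq" in parts else None
        acls.setdefault(name, []).append(Ace(action, proto, port))
    return acls


def evaluate(acl: List[Ace], flow: Flow) -> str:
    """First matching entry wins; unmatched traffic is implicitly denied.
    Note that flow.application is never consulted: a stateless ACL only
    sees protocol and port, not what the application actually is."""
    for ace in acl:
        if ace.proto not in (flow.proto, "ip"):
            continue
        if ace.dst_port is not None and ace.dst_port != flow.dst_port:
            continue
        return ace.action
    return "deny"


INTERNAL_ACL = [  # copied from the question
    "access-list Internal permit tcp any any eq 23",
    "access-list Internal permit tcp any any eq 80",
    "access-list Internal permit udp any any eq 53",
]


def decisions() -> Dict[str, str]:
    acl = parse_acl(INTERNAL_ACL)["Internal"]
    flows = {  # constructed sample flows leaving the inside interface
        "telnet": Flow("tcp", 23, "telnet"),
        "aim_over_23": Flow("tcp", 23, "aol-im"),
        "smtp": Flow("tcp", 25, "smtp"),
    }
    return {name: evaluate(acl, f) for name, f in flows.items()}
```

Running decisions() permits both the telnet and the AOL IM flow because they are identical at the ACL layer; only a payload-aware inspection engine can tell them apart.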