We have a PIX 515 with version 6.3(1). Most of the users use a separate proxy server for internet access. Some of them are allowed to access the internet without the proxy, which is allowed through the inside interface access-list. Some users who are supposed to use the internet through the proxy server have tried to use the PIX inside interface IP as their proxy, and they can access the internet. But we have not allowed their IPs in the inside access-list. We are using PAT [ nat (inside) 0.0.0.0 0.0.0.0 , Global (outside) interface].
In this case, those users are using PIX as their proxy and accessing internet which we cannot control.
I have tried to use an access-list for the NAT statement, but it is not supported and gives the following error (looks like access-lists can be applied only for nat 0):
pix(config)# nat (inside) 1 access-list acl-in-nat
ERROR: invalid nat ID, <1>, with access-list
Usage: [no] nat [(<if_name>)] <nat_id> <local_ip> [<mask>
[<max_conns> [emb_limit> [<norandomseq>]]]]
[no] nat [(if_name)] 0 [access-list <acl-name> [outside]]
Please suggest a solution.