PIX 501 used to block part of subnet

Apr 20th, 2007

I have a PIX 501 with a single inside network of I need to block all IPs above .128 from getting outside.

My question is this -- should I configure two internal networks of and Or, can I leave the single network of and just implement a rule to Deny outbound from inside ?

Jon Marshall Sat, 04/21/2007 - 05:43


No need to renumber your internal LAN.

As you say, you can just use the second half of the subnet in the access-list on the PIX, i.e.

access-list deny ip any

access-list permit ip any
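
Added example, not part of the original thread: a short Python sketch that splits an inside /24 into its two halves, renders PIX-style access-list lines (deny the upper half, permit the lower half), and evaluates sample source addresses with first-match semantics. The network 192.168.1.0/24 and the ACL name `inside_out` are constructed assumptions, since the thread's real addresses and ACL name are not shown.

```python
import ipaddress

# Constructed values: the thread's real addresses and ACL name are not shown.
INSIDE_NET = ipaddress.ip_network("192.168.1.0/24")
ACL_NAME = "inside_out"  # hypothetical ACL name


def build_acl(inside_net, acl_name):
    """Return PIX-style ACL lines that deny the upper half of inside_net."""
    lower, upper = inside_net.subnets(prefixlen_diff=1)
    # PIX access-lists take a subnet mask, not an IOS-style wildcard mask.
    return [
        f"access-list {acl_name} deny ip {upper.network_address} {upper.netmask} any",
        f"access-list {acl_name} permit ip {lower.network_address} {lower.netmask} any",
    ]


def evaluate(acl_lines, src):
    """First-match evaluation on the source address, implicit deny at the end."""
    src = ipaddress.ip_address(src)
    for line in acl_lines:
        _, _, action, _, net, mask, _ = line.split()
        if src in ipaddress.ip_network(f"{net}/{mask}"):
            return action
    return "deny"  # every ACL ends with an implicit deny


def outbound_report(hosts):
    """Map each sample inside host to the action the ACL would take."""
    acl = build_acl(INSIDE_NET, ACL_NAME)
    return {h: evaluate(acl, h) for h in hosts}


if __name__ == "__main__":
    for line in build_acl(INSIDE_NET, ACL_NAME):
        print(line)
    # The ACL only takes effect once it is bound to the inside interface.
    print(f"access-group {ACL_NAME} in interface inside")
    samples = ["192.168.1.10", "192.168.1.127", "192.168.1.128", "192.168.1.200"]
    for host, action in outbound_report(samples).items():
        print(f"{host:15} -> {action}")
```

Note that the upper /25 starts at .128 itself, so .128 is denied along with everything above it; .127 is the last address that is still permitted.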



