I'm new at PIX configuration and have the following pb :
I have 2 PIX connected via VPN LAN-to-LAN.
Network_A behind PIX_A and network_B behind PIX_B can fully communicate.
Then I want to prevent one PC (PC_A) from network_A to communicate with one PC (PC_B) in network_B.
To do that, I configured an ACL on PIX_A :
access-list ACL_A_inside deny ip host <PC_A IPaddr> host <PC_B IPaddr>
access-list ACL_A_inside permit ip <network_A> <network_mask> <network_B> <network_mask>
access-list ACL_A_inside deny ip any any
access-group ACL_A_inside in interface inside
The problem is that PC_A can still initiate the communication (ping, http ...) to PC_B and when issuing the sh access-list ACL_A_inside command, I have 0 hitcnt nor for the deny ACE concerning the 2 PCs, neither for the permit ACE concerning the networks.
I only have 2 or 3 matches for the last deny ip any any but appeared before trying to ping or http from PC_A to PC_B.
I can't understand. All is getting as if I had no ACL configured, or no deny ACE.
Can anyone help me please ?
Thanks in advance