Allowing specific subnet out

Unanswered Question
Feb 12th, 2009

I have a question. I have a PIX 515E, and what I would like to do is allow a certain subnet out to only talk to a specific subnet out on the internet. How would I do that? So, for example, I have a user subnet on the 10.255.186.0/24 subnet and would like that subnet to only talk to the 216.230.140.0/24 subnet. I want to block everything else internally from talking to that subnet. How can I do that?

Jon Marshall Thu, 02/12/2009 - 06:42
Warren


Assuming you don't want to stop other traffic to other subnets -


access-list inside_out permit ip 10.255.186.0 255.255.255.0 216.230.140.0 255.255.255.0

access-list inside_out deny ip any 216.230.140.0 255.255.255.0

access-list inside_out permit ip any any


access-group inside_out in interface inside


Jon
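
As an added example (not part of the thread and not any poster's code), this Python sketch evaluates the three access-list entries from the reply above with first-match semantics against constructed sample flows. The helper names and the sample addresses outside the two subnets named in the thread are assumptions.

```python
import ipaddress

# ACL entries copied from the reply above (PIX syntax: network followed by netmask).
ACL = """\
access-list inside_out permit ip 10.255.186.0 255.255.255.0 216.230.140.0 255.255.255.0
access-list inside_out deny ip any 216.230.140.0 255.255.255.0
access-list inside_out permit ip any any
"""

def _take_network(tokens):
    """Consume 'any' or 'A.B.C.D MASK' from the front of the token list."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}")

def parse_acl(text):
    """Return [(action, src_net, dst_net, original_line)] for 'ip' entries."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] != "access-list" or tokens[3] != "ip":
            continue  # this sketch only handles protocol 'ip'
        action, rest = tokens[2], tokens[4:]
        src = _take_network(rest)
        dst = _take_network(rest)
        rules.append((action, src, dst, line.strip()))
    return rules

def evaluate(rules, src, dst):
    """First matching entry wins; no match falls to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, (action, src_net, dst_net, _) in enumerate(rules, 1):
        if s in src_net and d in dst_net:
            return action, number
    return "deny", None  # implicit deny at the end of every ACL

# Constructed sample flows: hosts inside and outside the user subnet,
# towards the allowed subnet and towards an unrelated documentation address.
FLOWS = [("10.255.186.25", "216.230.140.10"), ("10.255.10.7", "216.230.140.10"),
         ("10.255.186.25", "198.51.100.20"), ("10.255.10.7", "198.51.100.20")]

if __name__ == "__main__":
    rules = parse_acl(ACL)
    for src, dst in FLOWS:
        action, number = evaluate(rules, src, dst)
        print(f"{src:>15} -> {dst:<15} {action:6} (entry {number})")
```

Traffic from 10.255.186.0/24 to destinations other than 216.230.140.0/24 matches the third entry, which is the behaviour the reply's stated assumption produces.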

wgranada1 Thu, 02/12/2009 - 06:48

Well, the way things are set up is that everything goes through a proxy server. I would like subnet 10.255.186.0/24 to bypass the proxy server and be the only subnet that can talk to 216.230.140.0/24; everything else would be blocked. Also, I want the 10.255 subnet to only talk to that subnet; any other attempt to go out to the internet would be routed through the proxy server. Will what you posted accomplish this?
