LAN to Internet Access Restriction Thru Pix.

Mar 17th, 2004

Hi Guys,

I have a very small request, and it seems very possible to get it working, but I am missing things here and there.


I have a Pix 515 R with IOS Ver 6.1 and PDM 1.0


I have 10 internal users with LAN IPs 192.168.1.1 - 192.168.1.10

PIX gateway is 192.168.1.100


Query1. I would like only WWW, FTP, SMTP, POP3 access for users 192.168.1.1-192.168.1.5


Query2. I would like only WWW access for client 192.168.1.6 and NO FTP, SMTP, POP3 access.


Query3. I would like users on 192.168.1.7 and 192.168.1.8 to access only a specific website, say by IP address 198.133.219.25 only.


Query4. The rest of the LAN hosts, 192.168.1.9 and 192.168.1.10, to access each and every site and each and every port outside.


Could anyone please help me with the access lists and how I set them up to achieve the same results?


Thanking you for your support.


God Bless.


Cheers.


Tauseef Ahmed

Network Support Engineer.

CAD Gulf LLC. Dubai.

[email protected]


Note - where is your DNS server? Your hosts will need to be able to query the DNS server. If it is inside, then DNS requests will not pass the firewall, and this access list should work. If hosts need to query a DNS server outside, you will need to add a few statements to this list.



this block covers hosts 1-4


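access-list inside permit tcp 192.168.1.0 255.255.255.252 any eq 80

access-list inside permit tcp 192.168.1.0 255.255.255.252 any eq 25

access-list inside permit tcp 192.168.1.0 255.255.255.252 any eq 21

access-list inside permit tcp 192.168.1.0 255.255.255.252 any eq 110

access-list inside permit tcp 192.168.1.4 255.255.255.255 any eq 80

access-list inside permit tcp 192.168.1.4 255.255.255.255 any eq 25

access-list inside permit tcp 192.168.1.4 255.255.255.255 any eq 21

access-list inside permit tcp 192.168.1.4 255.255.255.255 any eq 110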


this covers host .5

access-list inside permit tcp 192.168.1.5 255.255.255.255 any eq 80

access-list inside permit tcp 192.168.1.5 255.255.255.255 any eq 25

access-list inside permit tcp 192.168.1.5 255.255.255.255 any eq 110

access-list inside permit tcp 192.168.1.5 255.255.255.255 any eq 21


host .6

access-list inside permit tcp 192.168.1.6 255.255.255.255 any eq 80


host .7 and .8

access-list inside permit tcp 192.168.1.7 255.255.255.255 host 198.133.219.25 eq 80

access-list inside permit tcp 192.168.1.8 255.255.255.255 host 198.133.219.25 eq 80


host .9 and .10

access-list inside permit ip 192.168.1.9 255.255.255.255 any

access-list inside permit ip 192.168.1.10 255.255.255.255 any


#####


access-group inside in interface inside


is the command to bind an access list to an interface
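
An added example, not part of the original reply: a small first-match evaluator for checking an inside-interface ACL against the four queries in the question before binding it. The rule set, the names `parse`, `allowed` and `RULES`, and the test destination 203.0.113.10 are constructed for illustration; it assumes numeric `eq` ports and subnet-mask notation as used in the reply, and DNS resolved inside.

```python
import ipaddress

# Constructed rule set (not from the thread) for the question's four queries.
# PIX ACLs take subnet masks: .0/255.255.255.252 spans .0-.3, .4/255.255.255.254 spans .4-.5.
ACL = """\
access-list inside permit tcp 192.168.1.0 255.255.255.252 any eq 80
access-list inside permit tcp 192.168.1.0 255.255.255.252 any eq 21
access-list inside permit tcp 192.168.1.0 255.255.255.252 any eq 25
access-list inside permit tcp 192.168.1.0 255.255.255.252 any eq 110
access-list inside permit tcp 192.168.1.4 255.255.255.254 any eq 80
access-list inside permit tcp 192.168.1.4 255.255.255.254 any eq 21
access-list inside permit tcp 192.168.1.4 255.255.255.254 any eq 25
access-list inside permit tcp 192.168.1.4 255.255.255.254 any eq 110
access-list inside permit tcp host 192.168.1.6 any eq 80
access-list inside permit tcp host 192.168.1.7 host 198.133.219.25 eq 80
access-list inside permit tcp host 192.168.1.8 host 198.133.219.25 eq 80
access-list inside permit ip host 192.168.1.9 any
access-list inside permit ip host 192.168.1.10 any
"""

def _addr(tok):
    """Consume one address spec: 'any', 'host A', or 'A MASK'."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def parse(text):
    """Turn 'access-list <id> permit|deny <proto> <src> <dst> [eq <port>]' lines into tuples."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue
        src, rest = _addr(tok[4:])
        dst, rest = _addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append((tok[2], tok[3], src, dst, port))
    return rules

def allowed(rules, src, dst, proto="tcp", port=None):
    """First matching line decides; no match falls to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rproto, rsrc, rdst, rport in rules:
        if rproto in ("ip", proto) and s in rsrc and d in rdst and rport in (None, port):
            return action == "permit"
    return False

RULES = parse(ACL)
```

For instance, `allowed(RULES, "192.168.1.6", "203.0.113.10", port=21)` returns `False`, because no line matches and the implicit deny applies.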



