
LAN to Internet Access Restriction Thru Pix.

tauseef

Hi Guys ,

I have a very small request, and it seems very possible to get it working, but I am missing things here and there.

I have a PIX 515 R with IOS Ver 6.1 and PDM 1.0

I have 10 internal users with LAN IPs 192.168.1.1 - 192.168.1.10

PIX gateway is 192.168.1.100

Query 1. I would like only WWW, FTP, SMTP, POP3 access for users 192.168.1.1-192.168.1.5

Query 2. I would like only WWW access for client 192.168.1.6 and NO FTP, SMTP, POP3 access.

Query 3. I would like users on 192.168.1.7 and 192.168.1.8 to access only a specific website, say by IP address 198.133.219.25 only.

Query 4. The remaining LAN hosts, 192.168.1.9 and 192.168.1.10, to have access to each and every site and each and every port outside.

Could anyone please help me with the access-lists and how I set them up to achieve the same results?

Thanking you for your support .

God Bless.

Cheers.

Tauseef Ahmed

Network Support Engineer.

CAD Gulf LLC. Dubai.

tauseef@cadgulf.com


mostiguy

Note - where is your DNS server? Your hosts will need to be able to query the DNS server. If it is inside, then DNS requests will not pass the firewall, and this access list should work. If hosts need to query a DNS server outside, you will need to add a few statements to this list.

this block covers hosts 1-4

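access-list inside permit tcp 192.168.1.0 255.255.255.252 any eq 80

access-list inside permit tcp 192.168.1.0 255.255.255.252 any eq 25

access-list inside permit tcp 192.168.1.0 255.255.255.252 any eq 21

access-list inside permit tcp 192.168.1.0 255.255.255.252 any eq 110

access-list inside permit tcp 192.168.1.4 255.255.255.255 any eq 80

access-list inside permit tcp 192.168.1.4 255.255.255.255 any eq 25

access-list inside permit tcp 192.168.1.4 255.255.255.255 any eq 21

access-list inside permit tcp 192.168.1.4 255.255.255.255 any eq 110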

this covers host .5

access-list inside permit tcp 192.168.1.5 255.255.255.255 any eq 80

access-list inside permit tcp 192.168.1.5 255.255.255.255 any eq 25

access-list inside permit tcp 192.168.1.5 255.255.255.255 any eq 110

access-list inside permit tcp 192.168.1.5 255.255.255.255 any eq 21

host .6

access-list inside permit tcp 192.168.1.6 255.255.255.255 any eq 80

host .7 and .8

access-list inside permit tcp 192.168.1.7 255.255.255.255 198.133.219.25 255.255.255.255 eq 80

access-list inside permit tcp 192.168.1.8 255.255.255.255 198.133.219.25 255.255.255.255 eq 80

host .9 and .10

access-list inside permit ip 192.168.1.9 255.255.255.255 any

access-list inside permit ip 192.168.1.10 255.255.255.255 any

#####

access-group inside in interface inside

is the command to bind an access list to an interface
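
Added example, not part of the reply above and not Cisco code: a small Python checker that evaluates an ACL in the syntax used in this thread with first-match and implicit-deny semantics, so the policy can be tested per host before it is bound to the interface. It models only the `access-list ... permit|deny ... [eq PORT]` forms seen here; the function names and the test destination 203.0.113.10 are assumptions made for the example.

```python
import ipaddress

# Constructed sample: the port-80 and full-access part of the thread's policy.
# PIX ACL masks are subnet masks (255.255.255.252 = /30), not wildcard masks.
ACL = """\
access-list inside permit tcp 192.168.1.0 255.255.255.252 any eq 80
access-list inside permit tcp 192.168.1.4 255.255.255.255 any eq 80
access-list inside permit tcp 192.168.1.5 255.255.255.255 any eq 80
access-list inside permit tcp 192.168.1.6 255.255.255.255 any eq 80
access-list inside permit tcp 192.168.1.7 255.255.255.255 198.133.219.25 255.255.255.255 eq 80
access-list inside permit tcp 192.168.1.8 255.255.255.255 198.133.219.25 255.255.255.255 eq 80
access-list inside permit ip 192.168.1.9 255.255.255.255 any
access-list inside permit ip 192.168.1.10 255.255.255.255 any
"""

def take_addr(tok):
    """Pop 'any', 'host A' or 'A MASK' off the token list and return the network."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tok.pop(0)}", strict=False)

def parse(text):
    """Parse 'access-list NAME permit|deny PROTO SRC DST [eq PORT]' lines."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue
        action, proto, rest = tok[2], tok[3], tok[4:]
        src, dst = take_addr(rest), take_addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def check(rules, proto, src, dst, port=None):
    """First matching entry wins; traffic matching no entry is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto in ("ip", proto) and s in r_src and d in r_dst and r_port in (None, port):
            return action
    return "deny"

if __name__ == "__main__":
    rules = parse(ACL)
    for h in range(1, 11):  # 203.0.113.10: constructed test destination
        src = f"192.168.1.{h}"
        print(src, check(rules, "tcp", src, "203.0.113.10", 80), check(rules, "udp", src, "203.0.113.10", 53))
```

Run as a script, it prints the HTTP and DNS verdict for each of the ten hosts. With this sample only .9 and .10 are permitted outbound DNS, which is the situation the note about an outside DNS server refers to.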
