PIX Configuration

Unanswered Question
Apr 5th, 2004

I am configuring a PIX 515E. I want to deny all outgoing traffic except the ports I allow. I was trying to configure a service group to use inside of PDM for web traffic. I added http and https, but the rule does not work.

I can deny all traffic, but trying to allow it without using all TCP traffic does not work.

Is there a list of what the services convert to and which are needed to do simple transactions (i.e. browse the web and send and receive email)?

j.hato Tue, 04/06/2004 - 00:41


Here is the sample config:

object-group service InternetTCP tcp

port-object eq http

port-object eq https

port-object eq domain

access-list acl_out permit tcp host any object-group InternetTCP

access-group acl_out in interface inside

Make sure the inside can connect to the outside before you apply the access-group.


Anonymous (not verified) Wed, 04/07/2004 - 15:10

Thank you for the info but once I apply the access group to the interface I lose the ability to browse.

Any ideas?

j.hato Wed, 04/07/2004 - 18:31


Try to log everything,

PIX(config)# logging timestamp

PIX(config)# logging buffered debugging

PIX(config)# logging on

PIX(config)# show log

Please verify the log and make sure your TCP traffic won't get blocked. When blocked, try to add the TCP/UDP ports to the service-group.
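As an added example (not part of the original thread), this Python script tallies which protocol/port pairs the outbound ACL is dropping in the buffer log enabled above, so they can be reviewed and added to the service group where appropriate. The log lines are constructed samples, the regex assumes the `%PIX-4-106023` deny-message layout, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample of "show log" output (not taken from the thread);
# addresses are private/documentation ranges chosen for illustration.
SAMPLE_LOG = """\
Apr 07 2004 15:02:11: %PIX-4-106023: Deny udp src inside:192.168.1.10/1045 dst outside:198.51.100.53/53 by access-group "acl_out"
Apr 07 2004 15:02:12: %PIX-4-106023: Deny udp src inside:192.168.1.10/1045 dst outside:198.51.100.53/53 by access-group "acl_out"
Apr 07 2004 15:02:15: %PIX-6-302013: Built outbound TCP connection 101 for outside:203.0.113.80/80 (203.0.113.80/80) to inside:192.168.1.10/1050 (192.0.2.1/1050)
Apr 07 2004 15:03:40: %PIX-4-106023: Deny tcp src inside:192.168.1.11/1101 dst outside:203.0.113.25/25 by access-group "acl_out"
Apr 07 2004 15:03:41: %PIX-4-106023: Deny icmp src inside:192.168.1.11 dst outside:203.0.113.9 (type 8, code 0) by access-group "acl_out"
"""

# Assumed layout: Deny <proto> src <if>:<ip>[/<port>] dst <if>:<ip>[/<port>] ... by access-group "<acl>"
DENY_RE = re.compile(
    r'%PIX-4-106023: Deny (?P<proto>\S+) '
    r'src (?P<sif>[^:\s]+):(?P<sip>[\d.]+)(?:/(?P<sport>\d+))? '
    r'dst (?P<dif>[^:\s]+):(?P<dip>[\d.]+)(?:/(?P<dport>\d+))?'
    r'.*? by access-group "?(?P<acl>[^"\s]+)"?'
)


def denied_services(log_text, acl="acl_out", src_if="inside"):
    """Count (protocol, destination port) pairs denied by `acl` for traffic entering `src_if`."""
    counts = Counter()
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m or m["acl"] != acl or m["sif"] != src_if:
            continue  # not a deny from the ACL/interface we are troubleshooting
        port = int(m["dport"]) if m["dport"] else None  # ICMP denies carry no port
        counts[(m["proto"].lower(), port)] += 1
    return counts


def summarize(counts):
    """Return one line per denied service, most frequent first."""
    out = []
    for (proto, port), n in counts.most_common():
        service = proto if port is None else f"{proto}/{port}"
        out.append(f"{service}: {n} denied")
    return out


if __name__ == "__main__":
    for row in summarize(denied_services(SAMPLE_LOG)):
        print(row)
```

In the constructed sample the most frequent denial is UDP port 53: the sample service group lists `domain` only as a TCP port, and a `tcp` service group cannot carry UDP ports, so DNS lookups over UDP never match the permit.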


