PIX Configuration

Apr 5th, 2004
I am configuring a PIX 515e. I want to deny all outgoing traffic except the ports I allow. I was trying to configure a service group to use inside of PDM for web traffic. I added http and https, but the rule does not work.

I can deny all traffic, but trying to allow it without using the all TCP traffic does not work.

Is there a list of what the services convert to and which are needed to do simple transactions (i.e., browse the web and send and receive email)?

j.hato Tue, 04/06/2004 - 00:41

Hi,

Here is the sample config:


object-group service InternetTCP tcp
  port-object eq http
  port-object eq https
  port-object eq domain

access-list acl_out permit tcp host 10.5.70.25 any object-group InternetTCP

access-group acl_out in interface inside


Make sure the inside can connect to the outside before you apply the access-group.



HATO

Anonymous (not verified) Wed, 04/07/2004 - 15:10

Thank you for the info but once I apply the access group to the interface I lose the ability to browse.


Any ideas?

j.hato Wed, 04/07/2004 - 18:31

Hi,


Try to log everything,


PIX(config)# logging timestamp
PIX(config)# logging buffered debugging
PIX(config)# logging on

PIX(config)# show log


Please verify the log and make sure your TCP traffic won't get blocked. When blocked, try to add the TCP/UDP ports to the service-group.


HATO
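
Added example (not part of the original thread or written by its posters): a way to summarize "show log" output by counting denies attributed to acl_out per protocol and destination port, and to flag ports that the InternetTCP group already permits but only under another protocol. It assumes the PIX 106023 "Deny ... by access-group" message layout; the log lines and outside addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample of buffered log output. Only 10.5.70.25 and acl_out come
# from the thread; every other address, port and timestamp is made up.
SAMPLE_LOG = """\
Apr 07 2004 18:40:01: %PIX-4-106023: Deny udp src inside:10.5.70.25/1029 dst outside:192.0.2.53/53 by access-group "acl_out"
Apr 07 2004 18:40:03: %PIX-4-106023: Deny udp src inside:10.5.70.25/1029 dst outside:192.0.2.53/53 by access-group "acl_out"
Apr 07 2004 18:40:09: %PIX-6-302013: Built outbound TCP connection 41 for outside:198.51.100.10/80 (198.51.100.10/80) to inside:10.5.70.25/1030 (10.5.70.25/1030)
Apr 07 2004 18:41:12: %PIX-4-106023: Deny tcp src inside:10.5.70.25/1031 dst outside:198.51.100.25/25 by access-group "acl_out"
Apr 07 2004 18:41:30: %PIX-4-106023: Deny icmp src inside:10.5.70.25 dst outside:198.51.100.10 (type 8, code 0) by access-group "acl_out"
"""

# Assumed layout of message 106023; ports are absent for ICMP denies.
DENY_RE = re.compile(
    r'%PIX-\d-106023: Deny (?P<proto>\S+) '
    r'src [^:\s]+:[\d.]+(?:/\d+)? '
    r'dst [^:\s]+:[\d.]+(?:/(?P<dport>\d+))? '
    r'.*?by access-group "(?P<acl>[^"]+)"'
)

# What the thread's ACL permits: http, https and domain, TCP only.
ALLOWED = {("tcp", 80), ("tcp", 443), ("tcp", 53)}


def denied_services(log_text, acl="acl_out"):
    """Count denies per (protocol, destination port) for one access-group."""
    counts = Counter()
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if m and m.group("acl") == acl:
            port = int(m.group("dport")) if m.group("dport") else None
            counts[(m.group("proto"), port)] += 1
    return counts


def protocol_mismatches(counts, allowed=ALLOWED):
    """Denied ports that the ACL already permits, but under another protocol."""
    allowed_ports = {port for _, port in allowed}
    return sorted(k for k in counts if k[1] in allowed_ports and k not in allowed)


if __name__ == "__main__":
    counts = denied_services(SAMPLE_LOG)
    for (proto, port), n in counts.most_common():
        print(f"{n:3d} denied  {proto}/{port if port is not None else '-'}")
    for proto, port in protocol_mismatches(counts):
        print(f"port {port} is permitted for another protocol but denied for {proto}")
```

In the constructed sample the mismatch reported is udp/53: the group lists domain for TCP only, so a deny of that kind points at a missing UDP entry rather than a missing port.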
