Cisco Support Community

New Member

acl written & applied correctly?


On a PIX 515 running OS version 6.3(5), I want to prevent traffic on TCP ports 445, 3066, and 3067 from going from inside to outside (due to us having gotten blacklisted for outgoing Korgo traffic).

Here's the relevant config:

access-list acl_outbound deny tcp any any eq 3067
access-list acl_outbound deny tcp any any eq ident
access-list acl_outbound deny tcp any any eq 445
access-list acl_outbound permit ip any any
access-group acl_outbound in interface inside

(The PIX translated 3066 to ident...)

When I first applied this, I got a few hits on the ACEs for 445 & ident right away. Several months passed, and I found we'd gotten blacklisted again, again because of Korgo. I checked the ACEs over two or three days: no activity the first 2 days, then today 9 more hits on 445 and 3 more on ident.

So, the ACL does something... But, is it correct for blocking traffic going from inside to outside?

(Initiatives are underway to get CSA & NAC installed, but for the moment I have to rely on the firewall to keep bad things from getting out...)

Cisco Employee

Re: acl written & applied correctly?

This config looks good... Why don't you clear the counters of the access-list and then notice the counters?

clear access-l acl_outbound counters

If there is activity on these ports, then they are definitely blocked.

Re: acl written & applied correctly?


The few matches that you see on the ACL shouldn't warrant someone blacklisting your network. In addition to TCP, deny UDP for those ports as well and see if that makes a difference.
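To make the two threads of advice concrete, here is an added example (not from the original thread or from Cisco) that evaluates the posted ACL the way the PIX does: top-down, first match wins, with a per-ACE hit counter like the one `show access-list` reports and a `clear access-list ... counters` equivalent. It also builds the variant the second reply suggests, with UDP denies for the same ports, so you can see which flows the original lets through. The parser is a constructed simplification that only handles `any any` ACEs with an optional `eq` port; interfaces, masks and port ranges are deliberately out of scope. The port keyword table is an assumption about which names the reader cares about, but the values are the IANA ones, and `ident` is TCP 113 rather than an alias for 3066, so in the simulation the second ACE matches 113.

```python
"""Constructed example: first-match evaluation of PIX-style extended ACEs.

Parses 'access-list NAME {permit|deny} PROTO any any [eq PORT]' lines, keeps a
per-ACE hit counter like the PIX does, and reports what the first matching ACE
decides for a flow. Only 'any any' source/destination is supported; interfaces,
masks and ranges are out of scope for this illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Port keywords the PIX accepts in place of numbers (IANA well-known values).
# Note that 'ident' is TCP 113; the keyword is not an alias for 3066.
PORT_NAMES: Dict[str, int] = {"ident": 113, "smtp": 25, "www": 80, "https": 443}


@dataclass
class Ace:
    text: str                 # the ACE as written, for reporting
    action: str               # "permit" or "deny"
    proto: str                # "ip", "tcp" or "udp"
    dst_port: Optional[int]   # None means any destination port
    hits: int = 0             # match counter, as shown by 'show access-list'


def resolve_port(token: str) -> int:
    """Turn a numeric or keyword port into an integer."""
    if token.isdigit():
        return int(token)
    if token in PORT_NAMES:
        return PORT_NAMES[token]
    raise ValueError(f"unknown port keyword: {token}")


def parse_acl(config: str, name: str) -> List[Ace]:
    """Collect the ACEs of access-list NAME from a config snippet, in order."""
    aces: List[Ace] = []
    for raw in config.splitlines():
        parts = raw.split()
        if len(parts) < 6 or parts[:2] != ["access-list", name]:
            continue  # blank line, another list, or the access-group statement
        action, proto, src, dst = parts[2:6]
        if action not in ("permit", "deny") or src != "any" or dst != "any":
            raise ValueError(f"unsupported ACE for this example: {raw}")
        dst_port = None
        if len(parts) >= 8 and parts[6] == "eq":
            if proto not in ("tcp", "udp"):
                raise ValueError(f"'eq' needs tcp or udp: {raw}")
            dst_port = resolve_port(parts[7])
        aces.append(Ace(raw.strip(), action, proto, dst_port))
    return aces


def evaluate(aces: List[Ace], proto: str, dst_port: int) -> str:
    """Return the action of the first ACE matching the flow, else the implicit deny."""
    for ace in aces:
        if ace.proto != "ip" and ace.proto != proto:
            continue
        if ace.dst_port is not None and ace.dst_port != dst_port:
            continue
        ace.hits += 1
        return ace.action
    return "deny"  # every PIX ACL ends with an implicit deny


def hit_counts(aces: List[Ace]) -> Dict[str, int]:
    """Per-ACE hit counts keyed by ACE text (what 'show access-list' reports)."""
    return {ace.text: ace.hits for ace in aces}


def clear_counters(aces: List[Ace]) -> None:
    """Mirror 'clear access-list <name> counters'."""
    for ace in aces:
        ace.hits = 0


# The ACL from the question, verbatim.
POSTED_ACL = """\
access-list acl_outbound deny tcp any any eq 3067
access-list acl_outbound deny tcp any any eq ident
access-list acl_outbound deny tcp any any eq 445
access-list acl_outbound permit ip any any
access-group acl_outbound in interface inside
"""

# Constructed variant following the second reply: deny UDP to the same ports too.
ACL_WITH_UDP = POSTED_ACL.replace(
    "access-list acl_outbound permit ip any any",
    "access-list acl_outbound deny udp any any eq 3067\n"
    "access-list acl_outbound deny udp any any eq 113\n"
    "access-list acl_outbound deny udp any any eq 445\n"
    "access-list acl_outbound permit ip any any",
)


if __name__ == "__main__":
    acl = parse_acl(POSTED_ACL, "acl_outbound")
    for proto, port in [("tcp", 445), ("tcp", 113), ("tcp", 3066), ("udp", 445)]:
        print(f"{proto}/{port}: {evaluate(acl, proto, port)}")
    for line, hits in hit_counts(acl).items():
        print(f"hitcnt={hits}  {line}")
```

Running it shows the posted list denying TCP to 445, 113 and 3067 while permitting TCP to 3066 and UDP to 445; the `ACL_WITH_UDP` variant closes the UDP gap the second reply points at. The hit counters behave like the ones in the thread: they only move when a flow actually reaches a deny ACE, which is why clearing them and watching for new matches is a reasonable way to confirm the list is doing its job.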