
Allowing internet access only for specific computers on PIX firewall

Hello, I'm a college student working on a lab involving a Cisco PIX 501 Firewall.

My project involves 1 computer and a firewall. My goal is to use the firewall to allow access to the internet for that computer which uses a static IP 192.168.1.5 and ONLY for that IP address. The firewall is connected to the internet.

I have the computer hooked up to the firewall with the serial and using HyperTerminal to enter commands. I think I need to use access lists in order to deny traffic on those ports for those particular hosts. I can't figure out exactly how I need to set it up.

What I need to do is permit internet access for 192.168.1.5 alone. Any other IP should not be able to access the internet.

I tried:

access-list 1 permit tcp host 192.168.1.5 any eq 80

access-group 1 in interface inside

I cannot access the internet using the computer with 192.168.1.5. The goal is to be able to access with that IP and no other. Sorry again for getting the question wrong the first time.

6 REPLIES

Blocking internet access for specific computers on PIX firewall

Hello Nick,

Are you sure you are browsing to an http site instead of an https site?

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Re: Blocking internet access for specific computers on PIX firew

Thanks for the answer, but I actually just realized I had the problem wrong.

What I need to do is permit internet access for 192.168.1.5 alone. Any other IP should not be able to access the internet.

I tried:

access-list 1 permit tcp host 192.168.1.5 any eq 80

access-group 1 in interface inside

I cannot access the internet using the computer with 192.168.1.5. The goal is to be able to access with that IP and no other. Sorry again for getting the question wrong the first time. And I am accessing an http, not https. Thanks.

Allowing internet access only for specific computers on PIX fire

Hello,

lol, now everything makes sense!

You need to add the following:

access-list 1 permit tcp host 192.168.1.5 any eq 443

access-list 1 permit udp host 192.168.1.5 any eq 53

Rate helpful posts

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
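
Every ACL ends in an implicit deny, so the single-entry list in the question passes only TCP/80 from 192.168.1.5. As an added example (not part of any post in this thread), this Python sketch evaluates the ACL lines quoted above with first-match semantics; the parser handles only the `host`/`any`/`eq` forms used here, and the web server 203.0.113.10 and the second host 192.168.1.6 are constructed test values.

```python
import ipaddress

# ACL entries exactly as posted in the thread.
ORIGINAL = ["access-list 1 permit tcp host 192.168.1.5 any eq 80"]
SUGGESTED = ORIGINAL + [
    "access-list 1 permit tcp host 192.168.1.5 any eq 443",
    "access-list 1 permit udp host 192.168.1.5 any eq 53",
]

# Constructed test flows: (label, protocol, source, destination, destination port).
FLOWS = [
    ("http from .5", "tcp", "192.168.1.5", "203.0.113.10", 80),
    ("https from .5", "tcp", "192.168.1.5", "203.0.113.10", 443),
    ("dns from .5", "udp", "192.168.1.5", "4.2.2.1", 53),
    ("http from .6", "tcp", "192.168.1.6", "203.0.113.10", 80),
]

def _addr(tokens):
    """Consume 'any' or 'host A.B.C.D' and return it as a network."""
    word = tokens.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    raise ValueError(f"unsupported address form: {word}")

def parse(line):
    """Return (action, proto, src_net, dst_net, dst_port or None)."""
    tokens = line.split()
    action, proto, rest = tokens[2], tokens[3], tokens[4:]
    src, dst = _addr(rest), _addr(rest)
    if rest and rest[0] != "eq":
        raise ValueError(f"unsupported port operator: {rest[0]}")
    return action, proto, src, dst, int(rest[1]) if rest else None

def evaluate(acl, proto, src, dst, dport):
    """First matching entry decides; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, p, src_net, dst_net, port in map(parse, acl):
        if p in ("ip", proto) and s in src_net and d in dst_net and port in (None, dport):
            return action
    return "deny"

def report(acl):
    """Map each constructed flow label to the ACL's verdict."""
    return {label: evaluate(acl, *flow) for label, *flow in FLOWS}

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(name, report(acl))
```

The sketch models only the ACL check on the inside interface, not NAT or return traffic.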

Re: Blocking internet access for specific computers on PIX firew

Let me know if you need something else!

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Allowing internet access only for specific computers on PIX fire

Nick,

If your DNS server lies outside of the ASA (4.2.2.1 for example), you will have to also allow DNS outbound. Are you browsing via IP Address or FQDN?

Allowing internet access only for specific computers on PIX fire

Hi Clayton,

On the ACL I have configured we already allow DNS as shown here:

access-list 1 permit udp host 192.168.1.5 any eq 53

Regards,

Rate helpful posts

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC