Cisco Support Community

PIX 501 used to block part of subnet

I have a PIX 501 with a single inside network of 192.168.0.1/24. I need to block all IPs above .128 from getting outside.

My question is this -- should I configure two internal networks of 192.168.0.0/25 and 192.168.0.129/25? Or, can I leave the single network of 192.168.0.0/24 and just implement a rule to Deny outbound from inside 192.168.0.129 255.255.255.128?


Re: PIX 501 used to block part of subnet

Hi

No need to renumber your internal LAN.

As you say, you can just use the second half of the subnet in the access-list on the PIX, i.e.

access-list <acl_name> deny ip 192.168.0.128 255.255.255.128 any

access-list <acl_name> permit ip 192.168.0.0 255.255.255.128 any

HTH

Jon
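
The two entries from the reply, checked offline before they go on the firewall. This is an added example, not part of the original thread; it assumes first-match evaluation with an implicit deny at the end of the list and a bitwise netmask comparison, and the function names are hypothetical. It shows that the deny entry covers .128 through .255 (so .128 itself is blocked) and that the 192.168.0.129 address from the question is not the boundary of the upper /25.

```python
import ipaddress

# Constructed rule list mirroring the two access-list entries in the reply.
# Assumption: rules are evaluated top-down, first match wins.
RULES = [
    ("deny",   "192.168.0.128", "255.255.255.128"),
    ("permit", "192.168.0.0",   "255.255.255.128"),
]


def _as_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def matches(host, addr, mask):
    """True when host and addr agree on every bit set in the netmask."""
    m = _as_int(mask)
    return (_as_int(host) & m) == (_as_int(addr) & m)


def decide(host, rules=RULES):
    """Return the action of the first matching rule, else the implicit deny."""
    for action, addr, mask in rules:
        if matches(host, addr, mask):
            return action
    return "deny"


def is_network_address(addr, mask):
    """True when addr has no host bits set under mask (a clean subnet boundary)."""
    a = _as_int(addr)
    return (a & _as_int(mask)) == a


def blocked_range(rules=RULES, subnet="192.168.0.0/24"):
    """First address, last address and count of denied addresses in the inside subnet."""
    denied = [h for h in ipaddress.ip_network(subnet) if decide(str(h), rules) == "deny"]
    return str(denied[0]), str(denied[-1]), len(denied)


if __name__ == "__main__":
    for host in ("192.168.0.127", "192.168.0.128", "192.168.0.129"):
        print(host, decide(host))
    print("blocked:", blocked_range())
    print(".129 is a /25 boundary:", is_network_address("192.168.0.129", "255.255.255.128"))
```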
