Cisco Support Community

Blocking access to an Outside IP from Internal Interface

Hi,

I am trying to stop access to a specified IP on the outside interface of my PIX 506E and want to allow only one internal IP to access that IP. For this, the following are the commands I have given.

access-list outbound permit ip host 10.1.1.225 255.255.255.255 192.168.1.10 eq www

access-list outbound deny tcp any host 192.168.1.10 eq www

access-group outbound in interface inside

Will this work?

Chetan

3 REPLIES

Re: Blocking access to an Outside IP from Internal Interface

chetan,

you need to give the following ACL:

access-list outbound permit tcp host 10.1.1.225 host 192.168.1.10 eq www

access-list outbound deny tcp any host 192.168.1.10 eq www

access-group looks fine...

Note: any other traffic apart from this will be blocked as there will be a deny ip any any at the end..

hope this helps.. all the best...

Regards

Raj


Re: Blocking access to an Outside IP from Internal Interface

the posted acl will definitely achieve what your objective is, however, it also means that the only allowed outbound traffic is "10.1.1.225 255.255.255.255 192.168.1.10 eq www".

i.e. inside hosts can't browse any other website, nor can they send an email over the internet. in fact, the host 10.1.1.225 may not be able to browse 192.168.1.10 since the dns has also been blocked.

assuming you would like to allow all outbound traffic, but not 192.168.1.10.

access-list outbound permit tcp host 10.1.1.225 host 192.168.1.10 eq www

access-list outbound deny tcp any host 192.168.1.10 eq www

access-list outbound permit ip any any

access-group outbound in interface inside
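
Added example, not part of the original thread: a simplified Python model of first-match ACL evaluation, showing why the two-entry ACL also blocks DNS and mail while the version ending in `permit ip any any` does not. The addresses 10.1.1.50, 192.168.1.53 and 192.168.1.20 and the names `RESTRICTIVE`, `PERMISSIVE`, `FLOWS`, `evaluate` and `verdicts` are constructed for illustration.

```python
# Added example: simplified first-match model of the ACLs in this thread.
import ipaddress

PORTS = {"www": 80, "domain": 53, "smtp": 25}  # PIX port literals used here

def _addr(tok):
    """Consume 'any', 'host A' or 'A NETMASK' from tok; return a network."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tok.pop(0)}", strict=False)

def parse_ace(line):
    """access-list <name> <permit|deny> <proto> <src> <dst> [eq <port>]"""
    tok = line.split()
    action, proto, rest = tok[2], tok[3], tok[4:]
    src, dst = _addr(rest), _addr(rest)
    if rest and (rest[0] != "eq" or proto == "ip"):
        raise ValueError(f"bad port clause: {line}")
    port = (PORTS.get(rest[1]) or int(rest[1])) if rest else None
    return action, proto, src, dst, port

def evaluate(acl, proto, src, dst, dport):
    """Return the action of the first matching entry; no match means deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl:
        action, a_proto, a_src, a_dst, a_port = parse_ace(line)
        if (a_proto in ("ip", proto) and s in a_src and d in a_dst
                and a_port in (None, dport)):
            return action
    return "deny"  # implicit deny at the end of every ACL

RESTRICTIVE = [
    "access-list outbound permit tcp host 10.1.1.225 host 192.168.1.10 eq www",
    "access-list outbound deny tcp any host 192.168.1.10 eq www",
]
PERMISSIVE = RESTRICTIVE + ["access-list outbound permit ip any any"]

# Constructed flows: (protocol, inside source, destination, destination port)
FLOWS = [
    ("tcp", "10.1.1.225", "192.168.1.10", 80),  # the one allowed host
    ("tcp", "10.1.1.50", "192.168.1.10", 80),   # any other inside host
    ("udp", "10.1.1.225", "192.168.1.53", 53),  # DNS lookup
    ("tcp", "10.1.1.50", "192.168.1.20", 25),   # outbound mail
]

def verdicts(acl):
    return [evaluate(acl, *flow) for flow in FLOWS]
```

`verdicts(RESTRICTIVE)` returns permit, deny, deny, deny, while `verdicts(PERMISSIVE)` returns permit, deny, permit, permit; the deny entry only covers www, so other ports on 192.168.1.10 stay reachable once `permit ip any any` is appended.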


Re: Blocking access to an Outside IP from Internal Interface

Thanks Raj

Thanks Jackko

It works. There is another issue/query.

>>>10.1.1.225 needs to access all web, and all other intranet IPs should be blocked.

Thanks once again

Chetan
