03-26-2002 10:04 AM - edited 03-08-2019 10:09 PM
I want to be able to block my clients from any unwanted IP addresses and/or ports. I've tried using a "conduit deny" but it didn't work. Any ideas?
Hardware:
Pix 506
IOS:
Ver. 5.2
03-26-2002 11:46 AM
You can use the outbound and apply commands, e.g. to deny users access to this IP, 205.188.245.121, for HTTP:
outbound 12 deny 205.188.245.121 255.255.255.255 80 tcp
apply (inside) 12 outgoing_dest
03-26-2002 04:46 PM
I'm using version 6.1.3 - you can issue
pix(conf)# "shun 123.123.123.123"
This will deny that web address from reaching the user.
04-05-2002 06:07 AM
Here's an example that would only allow your clients to use HTTP and telnet:
access-l acl_in permit tcp any any eq www
access-l acl_in permit tcp any any eq telnet
access-g acl_in in interface inside
The implicit deny will block everything else. I don't recall which IOS version introduced access-list support, so you may have to upgrade. Hope this helps.
04-08-2002 06:48 AM
Hi,
You can configure an access-list instead of the conduits or, if you use firmware after 6.0, you can use the shunning command.
Bye,
Graz.
04-08-2002 10:57 AM
Thanks for all the input.
What I was trying to accomplish was to be able to shut down access to Morpheus and other internet-based applications on our network. It was getting to the point that bandwidth was at a minimum.
I ended up using the outbound and apply commands to do this, restricting all connections except some specific ports. The only thing is, I can see this possibly becoming a management nightmare in the future.
Thanks again
04-08-2002 11:08 PM
Hi,
For blocking Morpheus and other Kazaa applications you must deny access at the destination TCP port 1214.
regards,
graz.
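Added example, not part of any post in this thread: a small Python model of how a first-match access list with an implicit deny evaluates a flow, using the permit-only list from the 04-05-2002 reply and a deny entry for TCP port 1214 as in the last reply. The parser covers only the line shapes shown here, and the function names and the client/server addresses used to exercise it are this example's own (constructed).

```python
import ipaddress

# Port keywords accepted after "eq" (subset chosen for this example).
PORT_NAMES = {"www": 80, "telnet": 23, "domain": 53}

# Constructed sample lists: permit-only (implicit deny does the blocking) and deny-then-permit.
ALLOW_ONLY = """access-list acl_in permit tcp any any eq www
access-list acl_in permit tcp any any eq telnet"""
BLOCK_1214 = """access-list acl_in deny tcp any any eq 1214
access-list acl_in permit ip any any"""

def _addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D MASK' and return an IPv4 network."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def parse_acl(text):
    """Parse 'access-list NAME permit|deny PROTO SRC DST [eq PORT]' lines, keeping order."""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()[2:]  # drop the command word and the list name
        action, proto = tokens.pop(0), tokens.pop(0)
        src, dst = _addr(tokens), _addr(tokens)
        port = None
        if tokens and tokens[0] == "eq":
            port = PORT_NAMES.get(tokens[1]) or int(tokens[1])
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(rules, proto, src, dst, dport):
    """Return the action of the first matching entry; no match means implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto not in ("ip", proto):
            continue
        if s not in r_src or d not in r_dst:
            continue
        if r_port is not None and r_port != dport:
            continue
        return action
    return "deny (implicit)"
```

In this model a DNS lookup (UDP 53) evaluated against ALLOW_ONLY falls through to the implicit deny, and swapping the two lines of BLOCK_1214 lets port 1214 through, because the first matching entry decides.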