02-06-2006 07:17 AM - edited 03-09-2019 01:51 PM
Hi,
I am trying to block URLs/IPs on PIX from Inside. For this I have to complete 3 tasks.
>> Give access to a specified internal IP "10.5.1.4" to all outside IPs/URLs on any port.
>> Block all internal IPs on a specified IP/URL
>> Give all internal IPs access to all other URLs/IPs
I have to configure all this in one Access-List and it should be specified on IN at interface INSIDE.
Thanks
Chetan
02-06-2006 09:18 AM
Hello Chetan
What exactly is your question? Your ACLs look fine. Isn't it working? The ACL will allow IP access to 10.5.1.4, block some IPs and allow the rest.
Do let us know the exact question.
Regards
Raj
02-06-2006 09:19 PM
Thanks,
The current situation is that there are many applications/sites running on the Outside interface of my PIX, and I want to block one of them, which is on IP address 198.168.5.6.
Only IP address 10.5.1.4 can access this website on port 80.
For this I used the following access-list:
>>access-list outbound permit ip host 10.5.1.4 host 198.168.5.6
>>access-list outbound deny tcp any host 198.168.5.6 eq www
>>access-list outbound permit ip any any
In line 1 of this access-list I want IP address 10.5.1.4 to have access to all websites (no restrictions).
So I tried this:
>>>access-list outbound permit ip host 10.5.1.4 host any any
But it doesn't work.
Thanks
Chetan
02-07-2006 03:34 AM
Hello Chetan,
Looks like a typo:
access-list outbound permit ip host 10.5.1.4 host any any
Try one of these:
access-list outbound permit ip host 10.5.1.4 any
or
access-list outbound permit udp host 10.5.1.4 any eq domain
access-list outbound permit tcp host 10.5.1.4 any eq www
HTH
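The ACL in this thread depends on first-match ordering, so the following added example (not code from any poster) models it in Python: it parses only the ACE syntax that appears above and returns the line that decides a given flow. The host 10.5.1.7 is a constructed stand-in for any other inside address, and the matcher is a simplified model, not PIX's own implementation.

```python
import ipaddress

# ACL from the thread, with the first line in the corrected form from the reply.
ACL = """\
access-list outbound permit ip host 10.5.1.4 any
access-list outbound deny tcp any host 198.168.5.6 eq www
access-list outbound permit ip any any
"""

PORTS = {"www": 80, "domain": 53}  # only the port keywords used in the thread

def take_addr(tokens):
    """Consume one address spec: 'any' or 'host A.B.C.D'."""
    word = tokens.pop(0)
    if word == "any":
        return None  # None matches every address
    if word == "host":
        return ipaddress.ip_address(tokens.pop(0))  # rejects 'host any'
    raise ValueError(f"unsupported address spec: {word}")


def parse_ace(line):
    """Parse the subset of ACE syntax that appears in this thread."""
    tokens = line.split()[2:]  # drop 'access-list <name>'
    action, proto = tokens.pop(0), tokens.pop(0)
    src, dst = take_addr(tokens), take_addr(tokens)
    port = None
    if tokens[:1] == ["eq"]:
        port, tokens = PORTS[tokens[1]], tokens[2:]
    if tokens:
        raise ValueError(f"trailing tokens: {tokens}")
    return action, proto, src, dst, port


def evaluate(acl_text, proto, src, dst, dport):
    """First matching entry decides; nothing matching means implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, line in enumerate(acl_text.splitlines(), 1):
        action, a_proto, a_src, a_dst, a_port = parse_ace(line)
        if (a_proto in ("ip", proto) and a_src in (None, src)
                and a_dst in (None, dst) and a_port in (None, dport)):
            return action, n
    return "deny", 0

if __name__ == "__main__":
    # Constructed sample flows; 10.5.1.7 stands in for any other inside host.
    for src, port in [("10.5.1.4", 80), ("10.5.1.7", 80), ("10.5.1.7", 443)]:
        print(src, port, evaluate(ACL, "tcp", src, "198.168.5.6", port))
```

Moving the deny line above the host permit makes 10.5.1.4 hit the deny first, which is why the specific permit has to stay on line 1.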