Cisco Support Community
New Member

Blocking URLs from PIX506E

Hi,

I am trying to block URLs/IPs on the PIX from inside. For this I have to complete 3 tasks.

>> Give access to a specified internal IP "10.5.1.4" to all outside IPs/URLs on any port.

>> Block all internal IPs on a specified IP/URL

>> Give all internal IPs access to all other URLs/IPs

I have to configure all this in one Access-List and it should be specified on IN at interface INSIDE.

Thanks

Chetan

3 REPLIES

Re: Blocking URLs from PIX506E

Hello Chetan

What exactly is your question? Your ACLs look fine. Isn't it working? The ACL will allow IP access to 10.5.1.4, block some IPs and allow the rest.

Do let us know the exact question.

Regards

Raj

New Member

Re: Blocking URLs from PIX506E

Thanks,

The current situation is that there are many applications/sites running on the outside interface of my PIX and I want to block one of them, which is on IP address 198.168.5.6.

Only IP address 10.5.1.4 can access this website on port 80.

For this I used the following access-list:

>>access-list outbound permit ip host 10.5.1.4 host 198.168.5.6

>>access-list outbound deny tcp any host 198.168.5.6 eq www

>>access-list outbound permit ip any any

In line 1 of this access-list I want IP address 10.5.1.4 to have access to all websites (no restrictions).

So I tried this:

>>>access-list outbound permit ip host 10.5.1.4 host any any

But it doesn't work.

Thanks

Chetan

New Member

Re: Blocking URLs from PIX506E

Hello Chetan,

Looks like a typo:

access-list outbound permit ip host 10.5.1.4 host any any

Try one of these:

access-list outbound permit ip host 10.5.1.4 any

or

access-list outbound permit udp host 10.5.1.4 any eq domain

access-list outbound permit tcp host 10.5.1.4 any eq www

HTH
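
An added example, not part of any post in this thread: a small Python model of first-match ACL evaluation, run over the access-list lines discussed above with the corrected first entry. It assumes a simplified subset of the PIX syntax (`any`, `host <ip>`, optional `eq <port>`); the function names, the inside host 10.5.1.9 and the destination 203.0.113.10 are constructed for illustration.

```python
# Added example: simplified first-match evaluator for the ACL lines in this thread.
# Handles only "any" / "host <ip>" addresses and an optional "eq <port>", which is
# an assumed subset of the real PIX syntax.
PORTS = {"www": 80, "domain": 53}

def parse_addr(tok):
    """Consume one address spec; return the host IP, or None for 'any'."""
    if not tok:
        raise ValueError("missing address")
    word = tok.pop(0)
    if word == "any":
        return None
    if word == "host" and tok and tok[0] not in ("any", "host", "eq"):
        return tok.pop(0)
    raise ValueError("bad address spec near %r" % word)

def parse_ace(line):
    """Parse 'access-list NAME permit|deny PROTO SRC DST [eq PORT]'."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError("not an access-list entry: %r" % line)
    action, proto, rest = tok[2], tok[3], tok[4:]
    src, dst, port = parse_addr(rest), parse_addr(rest), None
    if rest:
        if len(rest) != 2 or rest[0] != "eq":
            raise ValueError("unexpected trailing tokens: %r" % rest)
        port = PORTS[rest[1]] if rest[1] in PORTS else int(rest[1])
    return (action, proto, src, dst, port)

def decide(lines, proto, src, dst, dport=None):
    """Return the action of the first matching entry; unmatched traffic is denied."""
    for action, a_proto, a_src, a_dst, a_port in map(parse_ace, lines):
        if a_proto not in ("ip", proto):
            continue
        if a_src not in (None, src) or a_dst not in (None, dst):
            continue
        if a_port not in (None, dport):
            continue
        return action
    return "deny"  # implicit deny at the end of every ACL

# ACL from the thread, with the corrected first line from the last reply.
FIXED = [
    "access-list outbound permit ip host 10.5.1.4 any",
    "access-list outbound deny tcp any host 198.168.5.6 eq www",
    "access-list outbound permit ip any any",
]
```

Because the first matching entry wins, moving the `deny` line above the `permit ip host 10.5.1.4 any` line would also block 10.5.1.4 from 198.168.5.6 on port 80.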
