09-29-2003 12:45 PM - edited 02-20-2020 11:01 PM
I am trying to configure my PIX to block outgoing traffic to a specific IP range. Below is the line that I put into the PIX...
access-list inside_access_out deny ip any 63.246.130.0 255.255.255.255
access-group inside_access_out in interface inside
With this line of code, all outgoing traffic is blocked, no matter where it is going. Any idea what I am missing?
Thanks,
Michael Laro
09-29-2003 05:34 PM
Always remember that there's an implicit "deny everything" at the end of an access-list. By adding one line with a specific deny as you have, there's an additional line after that that says "deny everything else" and so everything is blocked. What you want is the following:
access-list inside_access_out deny ip any 63.246.130.0 255.255.255.255
access-list inside_access_out permit ip any any
access-group inside_access_out in interface inside
and you should be good to go.
09-29-2003 10:41 PM
Will the Pix translate the address/mask to all hosts on that network given the mask of 255.255.255.255?
09-30-2003 06:39 AM
That mask is for one host only.
10-06-2003 05:47 AM
Perfect! I put this config in and it worked great. I did, however, following the other posts, change the netmask from 255.255.255.255 to 255.255.255.0.
Thanks!