Cisco Support Community
Community Member

Configure PIX to block outbound traffic.

I am trying to configure my PIX to block outgoing traffic to a specific IP range. Below is the line that I put into the PIX...

access-list inside_access_out deny ip any 63.246.130.0 255.255.255.255

access-group inside_access_out in interface inside

With this line of code, all outgoing traffic is blocked, no matter where it is going. Any idea what I am missing?

Thanks,

Michael Laro

mlaro@devine.com

4 REPLIES
Cisco Employee

Re: Configure PIX to block outbound traffic.

Always remember that there's an implicit "deny everything" at the end of an access-list. By adding one line with a specific deny as you have, there's an additional line after that that says "deny everything else" and so everything is blocked. What you want is the following:

access-list inside_access_out deny ip any 63.246.130.0 255.255.255.255

access-list inside_access_out permit ip any any

access-group inside_access_out in interface inside

and you should be good to go.

Community Member

Re: Configure PIX to block outbound traffic.

Will the PIX translate the address/mask to all hosts on that network given the mask of 255.255.255.255?

Silver

Re: Configure PIX to block outbound traffic.

That mask is for one host only.

Community Member

Re: Configure PIX to block outbound traffic.

Perfect! I put this config in and it worked great. I did, however, following the other posts, change the netmask from 255.255.255.255 to 255.255.255.0.

Thanks!
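
The first-match evaluation, implicit deny and mask behaviour discussed in this thread, as an added example that is not part of any post: a small Python model (not PIX code) that parses the thread's `access-list` lines and shows which line decides each destination. The helper names and the 198.51.100.7 test address are constructed for illustration, and only the `ip any <dest>` form used in the thread is handled.

```python
import ipaddress

def parse_acl(lines):
    """Parse 'access-list NAME permit|deny ip any <DST MASK | any>' lines."""
    rules = []
    for line in lines:
        tok = line.split()
        if (len(tok) < 6 or tok[0] != "access-list"
                or tok[2] not in ("permit", "deny") or tok[3:5] != ["ip", "any"]):
            raise ValueError(f"unsupported line: {line!r}")
        if tok[5] == "any":
            dst = ipaddress.ip_network("0.0.0.0/0")
        else:
            # The thread's ACLs use ordinary subnet masks, so
            # 255.255.255.255 is a single host and 255.255.255.0 is a /24.
            dst = ipaddress.ip_network(f"{tok[5]}/{tok[6]}", strict=False)
        rules.append((tok[2], dst))
    return rules

def evaluate(rules, dst_ip):
    """Return (action, deciding line). The first matching line wins."""
    addr = ipaddress.ip_address(dst_ip)
    for number, (action, net) in enumerate(rules, 1):
        if addr in net:
            return action, f"line {number}"
    # Nothing matched: the implicit deny at the end of every access-list.
    return "deny", "implicit deny"

# The three configurations that appear in the thread.
ORIGINAL = ["access-list inside_access_out deny ip any 63.246.130.0 255.255.255.255"]
WITH_PERMIT = ORIGINAL + ["access-list inside_access_out permit ip any any"]
WITH_NET_MASK = [
    "access-list inside_access_out deny ip any 63.246.130.0 255.255.255.0",
    "access-list inside_access_out permit ip any any",
]

# 198.51.100.7 is a constructed "any other destination" sample.
DESTINATIONS = ["63.246.130.0", "63.246.130.25", "198.51.100.7"]

if __name__ == "__main__":
    configs = [("original", ORIGINAL), ("with permit", WITH_PERMIT),
               ("with 255.255.255.0", WITH_NET_MASK)]
    for name, config in configs:
        rules = parse_acl(config)
        for dst in DESTINATIONS:
            action, why = evaluate(rules, dst)
            print(f"{name:20} {dst:15} {action:6} ({why})")
```
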
