Solved: Re: How do I block outbound traffic to a subnet?

jreimer · ‎02-18-2004

I want to block all outbound traffic to a subnet. Say, 12.34.56.x 255.255.255.0

What is a easiest/best way to accomplish this?

Thanks,

Jay

mostiguy · ‎02-18-2004

you cannot block outbound on an interface with a pix, you can with IOS. on a pix, you need to block the traffic on a different interface. generally, this is done on the inside interface

access-list inside deny ip any 12.34.56.0 255.255.255.0

access-list inside permit ip any any

access-group inside in interface inside

will block that traffic from entering the inside interface, and thus is will not go thru the pix to the outside world

View solution in original post

mostiguy · ‎02-18-2004

you cannot block outbound on an interface with a pix, you can with IOS. on a pix, you need to block the traffic on a different interface. generally, this is done on the inside interface

access-list inside deny ip any 12.34.56.0 255.255.255.0

access-list inside permit ip any any

access-group inside in interface inside

will block that traffic from entering the inside interface, and thus is will not go thru the pix to the outside world