New Member

PIX 525 access-list

I know this should be simple, however, I'm having some difficulty making this work. I'm using version 5.3

I'm trying to block access to the internet to 172.16.39.X. Anything on this network should NOT be able to access the internet.

I'm using the access-list and access-group commands but I must have some syntax errors or something as it doesn't appear to be blocking access. Could someone provide a practical syntax for this address with subnet 255.255.255.0 so I can see if perhaps I'm simply making an error in the entry. I'm new to PIX so I wouldn't be terribly surprised.

Thanks,

Dave

Accepted Solutions
Silver

Re: PIX 525 access-list

You can do this in multiple ways:

1. You can exclude this range from your NAT. This will not allow this range to go out to the internet.

2. On your inside interface, apply this rule:

access-list insideACL deny ip 172.16.39.0 255.255.255.0 any

access-list insideACL permit ip any any

Hope this helps.
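
An added example, not part of the original thread or of any Cisco tooling: a small Python model of how the two entries above are evaluated (first match wins, implicit deny at the end), showing why the deny has to come before `permit ip any any`. Function names and the sample addresses are constructed for illustration; only `ip` entries with `any`, `host` or network-plus-mask are handled.

```python
import ipaddress

# The two entries from the answer above, in PIX syntax (network + subnet mask).
ACL = """\
access-list insideACL deny ip 172.16.39.0 255.255.255.0 any
access-list insideACL permit ip any any
"""

def take_addr(tokens):
    """Consume one address spec: 'any', 'host A' or 'NET MASK'."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    mask = int(ipaddress.IPv4Address(tokens.pop(0)))
    inv = mask ^ 0xFFFFFFFF
    if inv & (inv + 1):  # ones are not contiguous from the top, e.g. 0.0.0.255
        raise ValueError("PIX ACLs take a subnet mask, not an IOS-style wildcard mask")
    return ipaddress.ip_network(f"{head}/{bin(mask).count('1')}")

def parse_acl(text):
    """Return [(action, src_net, dst_net)] for 'ip' entries; reject anything else."""
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        t = line.split()
        if len(t) < 6 or t[0] != "access-list" or t[2] not in ("permit", "deny") or t[3] != "ip":
            raise ValueError(f"unsupported ACL line: {line!r}")
        rest = t[4:]
        rules.append((t[2], take_addr(rest), take_addr(rest)))  # src first, then dst
    return rules

def evaluate(rules, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return "deny"

def shadowed(rules):
    """Indexes of entries fully covered by an earlier entry, so they never match."""
    return [i for i, (_, s, d) in enumerate(rules)
            if any(s.subnet_of(ps) and d.subnet_of(pd) for _, ps, pd in rules[:i])]

if __name__ == "__main__":
    rules = parse_acl(ACL)
    print(evaluate(rules, "172.16.39.25", "198.51.100.7"))  # constructed addresses
    print(shadowed(list(reversed(rules))))  # deny placed after permit any any
```
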

New Member

Re: PIX 525 access-list

rais,

Thanks for your input! This resolved the problem and I can now move forward with the required configurations.

Thanks again,

Dave
