Cisco Support Community
New Member

PIX Configuration

I am configuring a PIX 515e. Want to deny all outgoing traffic but the ports I allow. I was trying to configure a service group to use inside of PDM for web traffic. I add http and https but the rule does not work.

I can deny all traffic but to try and allow it without using the all TCP traffic does not work.

Is there a list of what the services convert to and which are needed to do simple transactions? (i.e. browse the web and send and receive email)

3 REPLIES
New Member

Re: PIX Configuration

Hi,

Here is the sample config:

object-group service InternetTCP tcp
 port-object eq http
 port-object eq https
 port-object eq domain
access-list acl_out permit tcp host 10.5.70.25 any object-group InternetTCP
access-group acl_out in interface inside

Make sure the inside can connect to outside before you apply the access-group.

HATO

Anonymous
N/A

Re: PIX Configuration

Thank you for the info but once I apply the access group to the interface I lose the ability to browse.

Any ideas?

New Member

Re: PIX Configuration

Hi,

Try to log everything,

PIX(config)# logging timestamp
PIX(config)# logging buffered debugging
PIX(config)# logging on
PIX(config)# show log

Please verify the log, make sure your tcp traffic won't get blocked. When blocked, try to add the tcp/udp ports to the service-group.

HATO
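
The log check suggested in the last reply, as an added example that is not part of the original thread: a short Python script that reads buffered PIX log output and counts which protocol/port pairs the access-group is denying. It assumes the denies appear as syslog message 106023; the log lines, addresses and the `acl_dmz` name are constructed for illustration.

```python
import re
from collections import Counter

# Syslog 106023 is what a PIX logs when an access-group denies a packet.
# ICMP denies carry no port, so only tcp/udp lines are matched here.
DENY_RE = re.compile(
    r'%PIX-4-106023: Deny (?P<proto>tcp|udp) '
    r'src (?P<sif>[^:\s]+):(?P<sip>[\d.]+)/(?P<sport>\d+) '
    r'dst (?P<dif>[^:\s]+):(?P<dip>[\d.]+)/(?P<dport>\d+) '
    r'by access-group "(?P<acl>[^"]+)"'
)

# Constructed sample of "show log" output (addresses are documentation ranges).
SAMPLE_LOG = '''\
Mar 01 2004 10:15:01: %PIX-4-106023: Deny udp src inside:10.5.70.25/1045 dst outside:192.0.2.53/53 by access-group "acl_out"
Mar 01 2004 10:15:04: %PIX-4-106023: Deny udp src inside:10.5.70.25/1046 dst outside:192.0.2.53/53 by access-group "acl_out"
Mar 01 2004 10:15:09: %PIX-6-302013: Built outbound TCP connection 1021 for outside:198.51.100.10/80 (198.51.100.10/80) to inside:10.5.70.25/1050 (203.0.113.5/1050)
Mar 01 2004 10:16:30: %PIX-4-106023: Deny tcp src inside:10.5.70.25/1051 dst outside:198.51.100.20/25 by access-group "acl_out"
Mar 01 2004 10:16:42: %PIX-4-106023: Deny icmp src inside:10.5.70.25 dst outside:192.0.2.1 (type 8, code 0) by access-group "acl_out"
Mar 01 2004 10:17:00: %PIX-4-106023: Deny tcp src dmz:172.16.1.10/1100 dst outside:198.51.100.10/80 by access-group "acl_dmz"
'''

def denied_ports(log_text, acl="acl_out"):
    """Count denies per (protocol, destination port) for one access-group."""
    hits = Counter()
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if m and m.group("acl") == acl:
            hits[(m.group("proto"), int(m.group("dport")))] += 1
    return hits

def ports_by_protocol(hits):
    """Group the denied destination ports by protocol, sorted, for review."""
    grouped = {}
    for proto, port in hits:
        grouped.setdefault(proto, []).append(port)
    return {proto: sorted(ports) for proto, ports in grouped.items()}

if __name__ == "__main__":
    hits = denied_ports(SAMPLE_LOG)
    for (proto, port), count in hits.most_common():
        print(f"{proto}/{port}: denied {count} time(s)")
    print(ports_by_protocol(hits))
```

In the constructed sample the most frequent deny is UDP port 53: a service group declared as `tcp`, like `InternetTCP` above, matches only TCP, so `port-object eq domain` in it does not cover DNS lookups sent over UDP.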
