topic When you name the interface in Network Security

How to allow all outgoing traffic and block all incoming traffic with access list?

N5fGc9uYr — Tue, 12 Mar 2019 06:31:18 GMT

Using Cisco PIX 515E firewall

Version 7.2(4)25

Unrestricted (UR) license

This is my current configuration:

config t
int e0
ip address dhcp setroute
nameif outside
no shut

int e1
ip address 10.1.1.1 255.0.0.0
nameif inside
no shut
exit

global (outside) 1 inter
nat (inside) 1 10.0.0.0 255.0.0.0

icmp deny any outside

When you name the interface

Puneesh Chhabra — Sun, 30 Aug 2015 04:15:50 GMT

When you name the interface as "inside", it automatically acquires the security level 100 and outside would be 0. So, by default all outgoing traffic is allowed and incoming is blocked.

If you want to do it explicitly, you can specify ACLs and apply them on the interface.

Regards,

Puneesh

Please rate helpful posts

Yes I know how to do it by

N5fGc9uYr — Sun, 30 Aug 2015 05:44:50 GMT

Yes I know how to do it by using security levels inside 100 and outside 0.

But for educational purposes I wanted to know how to do it explicitly via access list in a simple way.

No fancy setups if possible.

For outbound traffic: access

Puneesh Chhabra — Sun, 30 Aug 2015 05:55:16 GMT

For outbound traffic:

access-list Inside_allow_all permit ip any any

access-group Inside_allow_all in interface inside

For inbound traffic

access-list Outside_Restricted deny ip x.x.x.x x.x.x.x

access-group Outside_Restricted in interface outside

Regards,

Puneesh

Please rate helpful posts

For inbound traffic:The deny

N5fGc9uYr — Sun, 30 Aug 2015 07:03:36 GMT

For inbound traffic:

The deny ip x.x.x.x x.x.x.x should be?

my local ip

my public ip

my private ip

my gateway

dhcp setroute

any any

I use any any in x.x.x.x x.x

N5fGc9uYr — Sun, 30 Aug 2015 08:26:04 GMT

I use any any in x.x.x.x x.x.x.x

It took all the commands properly

Thanks, great support