Block IP range in PIX - Cisco Community

256

Views

0

Helpful

1

Replies

What would the config look like if I wanted to block an IP range like XXX.78.0.0 - XXX.83.255.255?

PIX 515/version 4.4 <I know it's old!

1 Reply 1

I think PIX OS 4.4 does not support access-lists right?

access-list example:

NOTE: Be sure that the deny statements are in the first lines of the access-list and the permits after.

PIX(config)# access-list acl-outside deny ip X.X.78.0.0 255.255.0.0 any

PIX(config)# access-list acl-outside deny ip X.X.79.0.0 255.255.0.0 any

PIX(config)# access-list acl-outside deny ip X.X.80.0.0 255.255.252.0 any

PIX(config)# access-list acl-outside permit ...(Rest of the permit access-lists otherwise all traffic is blocked)

PIX(config)# access-group acs-outside in interface outside

Conduit example:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008008c13c.html#55834

conduit deny ip any X.X.78.0.0 255.255.0.0

conduit deny ip any X.X.79.0.0 255.255.0.0

conduit deny ip any X.X.80.0.0 255.255.252.0

conduit permit tcp .....

I think it would be good to upgarde your PIX !

There are a lot of nice features !

sincerely

Patrick

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

Log in to Community

Review Cisco Networking for a $25 gift card