09-29-2003 12:45 PM - edited 02-20-2020 11:01 PM
I am trying to configure my PIX to block outgoing traffic to a specific IP range. Below is the line that I put into the PIX...
access-list inside_access_out deny ip any 63.246.130.0 255.255.255.255
access-group inside_access_out in interface inside
With this line of code, all outgoing traffic is blocked, no matter where it is going. Any idea what I am missing?
Thanks,
Michael Laro
09-29-2003 05:34 PM
Always remember that there's an implicit "deny everything" at the end of an access-list. By adding one line with a specific deny as you have, there's an additional line after that that says "deny everything else" and so everything is blocked. What you want is the following:
access-list inside_access_out deny ip any 63.246.130.0 255.255.255.255
access-list inside_access_out permit ip any any
access-group inside_access_out in interface inside
and you should be good to go.
09-29-2003 10:41 PM
Will the Pix translate the address/mask to all hosts on that network given the mask of 255.255.255.255?
09-30-2003 06:39 AM
That mask is for one host only.
10-06-2003 05:47 AM
Perfect! I put this config in and it worked great. I did, however, following the other posts, change the netmask from 255.255.255.255 to 255.255.255.0.
Thanks!