How to allow all outgoing traffic and block all incoming traffic with access list?

N5fGc9uYr
Level 1

Using Cisco PIX 515E firewall

Version 7.2(4)25

Unrestricted (UR) license

This is my current configuration:

config t
int e0
ip address dhcp setroute
nameif outside
no shut

int e1
ip address 10.1.1.1 255.0.0.0
nameif inside
no shut
exit

global (outside) 1 inter
nat (inside) 1 10.0.0.0 255.0.0.0

icmp deny any outside

Puneesh Chhabra
Cisco Employee

When you name the interface "inside", it automatically acquires security level 100, and outside gets 0. So, by default, all outgoing traffic is allowed and incoming traffic is blocked.

If you want to do it explicitly, you can specify ACLs and apply them on the interface.


Regards,

Puneesh

Please rate helpful posts

Yes, I know how to do it by using security levels, inside 100 and outside 0.

But for educational purposes I wanted to know how to do it explicitly via an access list in a simple way.

No fancy setups if possible.


For outbound traffic:

access-list Inside_allow_all permit ip any any

access-group Inside_allow_all in interface inside

For inbound traffic:

access-list Outside_Restricted deny ip x.x.x.x x.x.x.x

access-group Outside_Restricted in interface outside


Regards,

Puneesh

Please rate helpful posts

For inbound traffic:

What should the deny ip x.x.x.x x.x.x.x be?

my local ip

my public ip

my private ip

my gateway

dhcp setroute

any any

I used any any in place of x.x.x.x x.x.x.x

It took all the commands properly

Thanks, great support
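
Added example, not part of any post in this thread and not Cisco code: a small Python model of the decision the thread describes, showing that the default security levels and the explicit ACLs (with `any any`) give the same result, and that replies to outbound connections still pass despite the deny on outside. It assumes stateful TCP/UDP flows and ignores NAT, ports and protocols; the sample addresses are constructed.

```python
# Simplified model of how a PIX/ASA decides whether to pass a packet.
# Constructed for illustration; ACL names and interfaces follow the thread.
from ipaddress import ip_address, ip_network

SECURITY_LEVEL = {"inside": 100, "outside": 0}   # defaults assigned by nameif
ANY = ip_network("0.0.0.0/0")

def acl_decision(acl, src, dst):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for action, src_net, dst_net in acl:
        if ip_address(src) in src_net and ip_address(dst) in dst_net:
            return action
    return "deny"

class Firewall:
    def __init__(self, acls=None):
        self.acls = acls or {}   # ingress interface -> ACL applied with access-group
        self.conns = set()       # state table of flows the firewall has permitted

    def packet(self, in_if, out_if, src, dst):
        # 1. A reply to a flow already in the state table skips the ACL check.
        if (dst, src) in self.conns:
            return "permit"
        # 2. New flow: use the interface ACL if one is applied,
        #    otherwise fall back to the security-level comparison.
        if in_if in self.acls:
            verdict = acl_decision(self.acls[in_if], src, dst)
        else:
            higher_to_lower = SECURITY_LEVEL[in_if] > SECURITY_LEVEL[out_if]
            verdict = "permit" if higher_to_lower else "deny"
        if verdict == "permit":
            self.conns.add((src, dst))
        return verdict

# Explicit policy from the thread, with "any any" in place of x.x.x.x x.x.x.x.
EXPLICIT = {
    "inside":  [("permit", ANY, ANY)],   # Inside_allow_all
    "outside": [("deny", ANY, ANY)],     # Outside_Restricted
}

def run(fw):
    """Constructed flows: outbound request, its reply, unsolicited inbound."""
    return [
        fw.packet("inside", "outside", "10.1.1.50", "198.51.100.7"),
        fw.packet("outside", "inside", "198.51.100.7", "10.1.1.50"),
        fw.packet("outside", "inside", "203.0.113.9", "10.1.1.50"),
    ]
```

Once an ACL is applied to inside, its implicit deny replaces the security-level default, so anything the ACL does not explicitly permit is dropped.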
