08-29-2015 08:08 PM - edited 03-11-2019 11:31 PM
Using Cisco PIX 515E firewall
Version 7.2(4)25
Unrestricted (UR) license
This is my current configuration:
config t
int e0
ip address dhcp setroute
nameif outside
no shut
int e1
ip address 10.1.1.1 255.0.0.0
nameif inside
no shut
exit
global (outside) 1 inter
nat (inside) 1 10.0.0.0 255.0.0.0
icmp deny any outside
08-29-2015 09:15 PM
When you name the interface as "inside", it automatically acquires the security level 100 and outside would be 0. So, by default all outgoing traffic is allowed and incoming is blocked.
If you want to do it explicitly, you can specify ACLs and apply them on the interface.
Regards,
Puneesh
Please rate helpful posts
08-29-2015 10:44 PM
Yes, I know how to do it by using security levels, inside 100 and outside 0.
But for educational purposes I wanted to know how to do it explicitly via an access list in a simple way.
No fancy setups if possible.
08-29-2015 10:55 PM
For outbound traffic:
access-list Inside_allow_all permit ip any any
access-group Inside_allow_all in interface inside
For inbound traffic:
access-list Outside_Restricted deny ip x.x.x.x x.x.x.x
access-group Outside_Restricted in interface outside
Regards,
Puneesh
Please rate helpful posts
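As an added example (not code from the thread or from Cisco), the Python sketch below models how the firewall decides on a new connection: by security level when no ACL is applied to the ingress interface, and by first match with an implicit deny once one is. The function names and the sample addresses are assumptions made for illustration, and only `any` and `address mask` entries are handled.

```python
import ipaddress

# Security levels as stated in the thread: inside = 100, outside = 0.
SECURITY_LEVEL = {"inside": 100, "outside": 0}

# Constructed sample: the answer's ACLs with "any any" in place of x.x.x.x x.x.x.x.
THREAD_ACLS = """
access-list Inside_allow_all permit ip any any
access-group Inside_allow_all in interface inside
access-list Outside_Restricted deny ip any any
access-group Outside_Restricted in interface outside
"""

def parse_ace(tok):  # tokens of 'access-list NAME permit|deny ip SRC DST'
    if len(tok) < 6 or tok[2] not in ("permit", "deny") or tok[3] != "ip":
        raise ValueError("unsupported ACE: " + " ".join(tok))
    nets, rest = [], tok[4:]
    while rest:
        if rest[0] == "any":
            nets.append(ipaddress.ip_network("0.0.0.0/0"))
            rest = rest[1:]
        elif len(rest) >= 2:  # address followed by netmask
            nets.append(ipaddress.ip_network(rest[0] + "/" + rest[1], strict=False))
            rest = rest[2:]
        else:
            raise ValueError("address without mask: " + " ".join(tok))
    if len(nets) != 2:
        raise ValueError("expected source and destination: " + " ".join(tok))
    return tok[2], nets[0], nets[1]

def load(config):
    """Return ({acl_name: [entries]}, {interface: acl_name}) for inbound ACLs."""
    acls, bound = {}, {}
    for tok in (line.split() for line in config.splitlines()):
        if tok[:1] == ["access-list"]:
            acls.setdefault(tok[1], []).append(parse_ace(tok))
        elif tok[:1] == ["access-group"] and tok[2:4] == ["in", "interface"]:
            bound[tok[4]] = tok[1]
    return acls, bound

def new_connection_allowed(config, ingress, egress, src, dst):
    acls, bound = load(config)
    if ingress not in bound:  # no ACL applied: security levels decide
        return SECURITY_LEVEL[ingress] > SECURITY_LEVEL[egress]
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acls.get(bound[ingress], []):
        if s in src_net and d in dst_net:
            return action == "permit"  # first matching entry wins
    return False  # implicit deny at the end of an applied ACL
```

With `THREAD_ACLS` the result matches the no-ACL default in both directions; a narrower permit on the inside interface blocks every inside source it does not list, because the implicit deny replaces the security-level default.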
08-30-2015 12:03 AM
For inbound traffic:
The deny ip x.x.x.x x.x.x.x should be?
my local ip
my public ip
my private ip
my gateway
dhcp setroute
any any
08-30-2015 01:26 AM
I used any any for x.x.x.x x.x.x.x.
It took all the commands properly.
Thanks, great support.