PIX 501 used to block part of subnet

jasonabradley
Level 1

I have a PIX 501 with a single inside network of 192.168.0.1/24. I need to block all IPs above .128 from getting outside.

My question is this -- should I configure two internal networks of 192.168.0.0/25 and 192.168.0.129/25? Or, can I leave the single network of 192.168.0.0/24 and just implement a rule to Deny outbound from inside 192.168.0.129 255.255.255.128 ?

1 Reply

Jon Marshall
Hall of Fame

Hi

No need to renumber your internal LAN.

As you say, you can just use the second half of the subnet in the access-list on the PIX, i.e.

access-list <acl_name> deny ip 192.168.0.128 255.255.255.128 any

access-list <acl_name> permit ip 192.168.0.0 255.255.255.128 any

HTH

Jon
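
The following is an added example, not part of the original posts: a small first-match evaluator for the two access-list entries in the reply, useful for checking the boundary hosts (.127, .128, .255) before applying the rules. The ACL name inside_out and the helper names are hypothetical, chosen for this example; the input is constructed from the addresses and masks in the thread.

```python
import ipaddress

# Constructed input: the two entries from the reply, with a hypothetical
# ACL name ("inside_out") so each line is a complete entry.
ACL_TEXT = """\
access-list inside_out deny ip 192.168.0.128 255.255.255.128 any
access-list inside_out permit ip 192.168.0.0 255.255.255.128 any
"""

def is_aligned(src, mask):
    """True if src is the network address for mask (no host bits set)."""
    try:
        ipaddress.ip_network(f"{src}/{mask}", strict=True)
        return True
    except ValueError:
        return False

def parse_acl(text):
    """Parse 'access-list NAME ACTION ip SRC MASK any' lines into rules."""
    rules = []
    for line in text.splitlines():
        p = line.split()
        if not p:
            continue
        if len(p) != 7 or p[0] != "access-list" or p[3] != "ip" or p[6] != "any":
            raise ValueError(f"unsupported entry: {line!r}")
        action, src, mask = p[2], p[4], p[5]
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action in: {line!r}")
        # Reject pairs such as 192.168.0.129 255.255.255.128, where the
        # address is not on the boundary the mask describes.
        if not is_aligned(src, mask):
            raise ValueError(f"{src} is not a network address for {mask}")
        rules.append((action, ipaddress.ip_network(f"{src}/{mask}")))
    return rules

def evaluate(rules, source_ip):
    """First matching entry wins; no match falls to the implicit deny."""
    addr = ipaddress.ip_address(source_ip)
    for action, network in rules:
        if addr in network:
            return action
    return "deny"

if __name__ == "__main__":
    rules = parse_acl(ACL_TEXT)
    for ip in ("192.168.0.1", "192.168.0.127", "192.168.0.128", "192.168.0.255"):
        print(f"{ip:15} -> {evaluate(rules, ip)}")
```
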
