09-18-2003 07:24 AM - edited 03-02-2019 10:26 AM
The topo just like :
internet---pix---c2621(NAT-gateway)---pc
Now PC can access internet , How can I block it without modify C2621's config ?(Because I have no permission)
Regards
09-18-2003 07:45 AM
Use an inbound access list on the inside interface of the PIX.
access-list 101 deny ip host (pc address) any
(add some commands that permit some outbound traffic)
!
access-group 101 in interface inside
HTH
Mark
09-18-2003 08:17 AM
HI Mark
That PC is behind NAT-Gateway , I can't deny It's IP , cause that IP is translated to NAT-Gateway's .
09-18-2003 09:20 AM
I do not think this is possible unless the pc has static NAT.
regds
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide