
Blocking Ports

Status
Not open for further replies.

simba327

MIS
Dec 4, 2002
17
US
Hi,

I have a PIX 515 with v. 6.1 software. I would like to restrict my users from connecting to the internet on ports 5190-5193 (which I'm told is what AOL uses). They are bypassing the URL filtering on the PIX (WebSense) by connecting to AOL and browsing through that.
 
Just use access-lists and access-groups ...

E.g., when you want to block access from inside to outside over port 5190:

access-list inside deny tcp any any eq 5190
access-list inside permit ip any any
access-group inside in interface inside

Or when you want to block the ports from 5190 to 5193:

access-list inside deny tcp any any range 5190 5193
access-list inside permit ip any any
access-group inside in interface inside

Best regards
 
dmccabe - be aware that AOL IM reverts to port 80 if the ones you mentioned are not available. Plus the program can be run through a web browser entirely.

There are several discussions elsewhere on this subject. The most successful ones I have read of block entire networks owned by AOL using access-lists.

Good luck and let us know if you find success.
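Added example, not part of the original posts: a small first-match evaluator for PIX-style access-list lines. It shows that an ACL holding only the deny entry blocks all outbound traffic through the implicit deny at its end, and that with a trailing permit a client falling back to port 80 still passes the port block. The ACL lines and flows are constructed, and the parser handles only the "any any" forms used in this thread.

```python
import re

# Constructed PIX-style ACL lines (sample input, not taken from a real device).
DENY_ONLY = ["access-list inside deny tcp any any range 5190 5193"]
WITH_PERMIT = DENY_ONLY + ["access-list inside permit ip any any"]

# Flows to check: (protocol, destination port). Constructed for illustration.
FLOWS = [("tcp", 5190), ("tcp", 5193), ("tcp", 80), ("udp", 53)]

LINE_RE = re.compile(
    r"access-list\s+(?P<name>\S+)\s+(?P<action>permit|deny)\s+(?P<proto>\S+)"
    r"\s+any\s+any(?:\s+(?:eq\s+(?P<eq>\d+)|range\s+(?P<lo>\d+)\s+(?P<hi>\d+)))?\s*$"
)

def parse(lines):
    """Parse 'any any' ACL entries into (action, proto, lo_port, hi_port) tuples."""
    entries = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported ACL line: {line!r}")
        if m["eq"]:
            lo = hi = int(m["eq"])
        elif m["lo"]:
            lo, hi = int(m["lo"]), int(m["hi"])
        else:
            lo, hi = 0, 65535  # no port qualifier: entry matches every port
        entries.append((m["action"], m["proto"], lo, hi))
    return entries

def evaluate(entries, proto, dport):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, acl_proto, lo, hi in entries:
        if acl_proto in ("ip", proto) and lo <= dport <= hi:
            return action
    return "deny (implicit)"

def report(lines, flows):
    """Return {flow: verdict} for every flow evaluated against the ACL lines."""
    entries = parse(lines)
    return {flow: evaluate(entries, *flow) for flow in flows}

if __name__ == "__main__":
    for label, acl in (("deny only", DENY_ONLY), ("deny + permit", WITH_PERMIT)):
        print(label)
        for (proto, port), verdict in report(acl, FLOWS).items():
            print(f"  {proto}/{port}: {verdict}")
```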
 