Blocking Ports

[tattl]

All,

I have a VPN setup via 3 PIX firewalls (PIX 515 at my current location). I am looking for an easy way to block one ip address from using port 80 to get to the www. I would like to do this if possible before the pix translates the address to my global outside ip address. Is there a way that I can assign an access list blocking this ip address (port) 80 on the PIX ethernet interface?

Thanks

 

[themut]

access-list <acl-name> deny ip host <private-ip> any eq 80
access-list <acl-name> permit ip any any
access-group <acl-name> in interface inside

 

[tattl]

how do I access an interface on a pix 515 firewall

 

[Lou0686]

Hi,

What version OS do you have on the PIX?

Do you have the PDM installed? If so you can connect through

HTTPS://<Private

IP of PIX). Add the commands above with the TOOLS/Command Line Interface (or something similar).

You can get to it with a Hyperterminal connection.

You can get to it with a console cable.

Lou