PIX Block Internal user from accessing range of ports

DaveGreeko

IS-IT--Management
Oct 20, 2006
Hello everyone,
My Cisco guy left the company and I urgently need the proper access-list command to block one host (10.10.10.42) in our LAN from accessing the internet, except for a list of external IPs belonging to our bank on port 443.
Any help is greatly appreciated.

Our PIX is a 506E and the version is 6.3(5)
Thank you again
 
Access-list outbound permit tcp host 10.10.10.42 host [DESTINATION_IP] eq 443
(repeat the line above for each allowed IP)
Access-list outbound deny ip host 10.10.10.42 any
Access-list outbound permit ip any any

access-group outbound in interface inside

If you have external DNS resolution add this right after the allowed IPs but before the deny statement...
Access-list outbound permit udp host 10.10.10.42 any eq dns

Hope this helps


Brent
Systems Engineer / Consultant
CCNP, CCSP
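
The access list above is evaluated top-down and the first matching line wins, which is why the DNS permit has to sit before the deny line. An added example (not part of the original post) that replays sample flows through those lines in Python; 203.0.113.10 stands in for [DESTINATION_IP] and every other address is constructed for illustration.

```python
# Added example: first-match evaluation of the access list from the answer.
# 203.0.113.10 is a constructed stand-in for one bank IP ([DESTINATION_IP]).
BANK = "203.0.113.10"
PORTS = {"dns": 53}  # port name as written in the post

ACL = f"""\
access-list outbound permit tcp host 10.10.10.42 host {BANK} eq 443
access-list outbound permit udp host 10.10.10.42 any eq dns
access-list outbound deny ip host 10.10.10.42 any
access-list outbound permit ip any any
"""
# Same lines with the DNS permit placed after the deny (the ordering mistake).
_l = ACL.splitlines()
MISORDERED = "\n".join([_l[0], _l[2], _l[1], _l[3]])

def parse(text):
    """Turn access-list lines into (action, proto, src, dst, port) tuples."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0].lower() != "access-list":
            continue
        action, proto, rest = tok[2], tok[3], tok[4:]
        addrs = []
        for _ in range(2):  # source first, then destination
            if rest[0] == "any":
                addrs.append(None)
                rest = rest[1:]
            else:  # "host A.B.C.D"
                addrs.append(rest[1])
                rest = rest[2:]
        port = None
        if rest and rest[0] == "eq":
            port = PORTS.get(rest[1]) or int(rest[1])
        rules.append((action, proto, addrs[0], addrs[1], port))
    return rules

def verdict(rules, proto, src, dst, dport=None):
    """Return the action of the first matching rule; no match means deny."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto in ("ip", proto) and r_src in (None, src)
                and r_dst in (None, dst) and r_port in (None, dport)):
            return action
    return "deny"  # implicit deny that ends every access list

if __name__ == "__main__":
    for name, acl in (("as posted", ACL), ("DNS after deny", MISORDERED)):
        print(name, verdict(parse(acl), "udp", "10.10.10.42", "198.51.100.53", 53))
```
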
 
Thank you so much Brent. It's the way I wanted and it's working perfectly. Thanks again and have a productive weekend.
 