strange outbound

[Guest_imported]

hi,
I know that's a forum for router , but I want to get help about the pix firewall.

I want to prevent some users in the inside to access the web-server on the DMZ with address exp : 192.168.0.2(of the server)

so I use outbound command like this

outbound 1 deny 192.168.0.2 255.255.255.0 80 tcp
apply (inside)1 outgoing_dest.

but the strange problem is that I got after that any access (in the inside) for the other server in the DMZ like the DNS FTP with those addresses 192.168.0.3 192.168.0.4.


what is the prb?

 

[pmkincaid]

Your outbound access-list should have a mask of 255.255.255.255. The way you have it, it is denying the entire class C network of 192.168.0.0.

Hope this helps,
Paul

 

[Guest_imported]

hi paul,

I'm so glad to you, yes it's mork perfectly
I suppose that working more than 15 hours a day, make me blind.

thank you again if you want some help about cisco routers or firewall let me know.