Blocking wireless hosts through PIX

Posted on 2006-06-18
Last Modified: 2010-04-09
Here is the situation. I have a PIX firewall and a couple of switches behind the firewall and a wireless router. The wireless router has an IP of There are a few hosts which use the wireless router to connect to the internet. My question is that one of the hosts which connect to the wireless router has an IP address of, and I would like to know how I can write an ACL that will block this IP address from accessing the internet, without blocking the wireless router's access to the internet. The wireless router is just acting as an access point, nothing else; no DHCP is running, etc., and that's how I would like to leave it.

Thank You,
Question by:vreyesii
LVL 32

Accepted Solution

rsivanandan earned 400 total points
ID: 16931743

Do you have any ACLs on your inside interface? If so, add this to it:

access-list <Name> deny ip any

and then apply it to the 'inside' interface.


Author Comment

ID: 16931796

Shouldn't the access-list be "access-list deny_outbound deny ip host any"?

Thank You,
LVL 32

Expert Comment

ID: 16931893
Yeah, if it is a single host then you can go by that specific host.

LVL 79

Assisted Solution

lrmoore earned 100 total points
ID: 16933579
Don't forget to add the permit any any at the end. If you don't, the implicit "deny all" will take over.

access-list deny_outbound deny ip host any
access-list deny_outbound permit ip any any

access-group deny_outbound in interface inside
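
The first-match evaluation and implicit deny described in the answer above, modelled in Python as an added example that is not part of the original thread. The addresses are constructed placeholders (the page does not show the real ones), and `parse_acl`, `evaluate` and `outbound_verdicts` are hypothetical helper names.

```python
import ipaddress

# Constructed sample addresses; the thread's real addresses are not shown.
BLOCKED_HOST = "192.168.1.50"   # wireless client to be blocked
WIRELESS_AP = "192.168.1.2"     # access point that must keep its access
INTERNET = "198.51.100.10"      # some outside destination

DENY_ONLY = f"access-list deny_outbound deny ip host {BLOCKED_HOST} any"
WITH_PERMIT = DENY_ONLY + "\naccess-list deny_outbound permit ip any any"

def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'NET MASK'."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")  # netmask form

def parse_acl(text):
    """Parse 'access-list NAME permit|deny ip SRC DST' lines, keeping order."""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if (len(tokens) < 6 or tokens[0] != "access-list"
                or tokens[2] not in ("permit", "deny") or tokens[3] != "ip"):
            raise ValueError(f"unsupported entry: {line!r}")
        rest = tokens[4:]
        src, dst = _take_addr(rest), _take_addr(rest)
        if rest:
            raise ValueError(f"trailing tokens in: {line!r}")
        rules.append((tokens[2], src, dst))
    return rules

def evaluate(rules, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return "implicit-deny"

def outbound_verdicts(acl_text):
    """Verdict for the blocked host and the access point going outbound."""
    rules = parse_acl(acl_text)
    return {h: evaluate(rules, h, INTERNET) for h in (BLOCKED_HOST, WIRELESS_AP)}

if __name__ == "__main__":
    print("deny only:  ", outbound_verdicts(DENY_ONLY))
    print("with permit:", outbound_verdicts(WITH_PERMIT))
```

Because evaluation stops at the first match, the deny entry has to stay above the `permit ip any any` line.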


Author Comment

ID: 16934281
Thank You both for your help.
