Solved

Blocking wireless hosts through PIX

Posted on 2006-06-18
5
213 Views
Last Modified: 2010-04-09
Hello,
      Here is the situation. I have PIX firewall and a couple of switches behind the firewall and a Wireless Router. The wireless router has an IP of 10.1.1.23. There are a few hosts which use the wireless router to connect to the internet. My question is that one of the hosts which connect to the wireless router has an IP address of 10.1.1.253, and I would like to know how I can write an ACL that will block this IP address from accessing the internet, without blocking the 10.1.1.23 wireless router access to the internet. The wireless router is just acting as an Access Point nothing else no DHCP is running etc, and that’s how I would like to leave it.


                                                                           Thank You,
                                                                          Victor
0
Comment
Question by:vreyesii
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 32

Accepted Solution

by:
rsivanandan earned 400 total points
ID: 16931743
Victor,

  Do you have any acls on your inside interface ? If so, add this to it;

access-list <Name> deny ip 10.1.1.253 any

and then apply it to the 'inside' interface.

Cheers,
Rajesh
0
 

Author Comment

by:vreyesii
ID: 16931796
Hi,

 Shouldn't the access-list be "access-list deny_outbound deny ip host 10.1.1.253 any" ?

                                                   Thank You,
                                                    Victor
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 16931893
Yeah, if it is a single host then you can go by that specific host.

Cheers,
Rajesh
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 100 total points
ID: 16933579
Victor,
Don't forget to add the permit any any at the end. If you don't, the implicit "deny all" will take over.

access-list deny_outbound deny ip host 10.1.1.253 any
access-list deny_outbound permit ip any any

access-group deny_outbound in interface inside

0
 

Author Comment

by:vreyesii
ID: 16934281
Thank You both for your help.
0

Featured Post

Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question