block certain ip ranges with cisco pix 506e

i want to block people inside my org to go to 80.1.1.0 - 80.1.1.255

i tried the following

access-list outbound deny ip any host 80.1.1.0 0.0.0.255

didn't work.  suggestions?

thanks
LVL 5
myfootsmellsAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
calvinetterConnect With a Mentor Commented:
You're thinking of Cisco router ACL syntax..  ;)
Your PIX ACL should look like this to block an entire "Class C" IP range:

access-list outbound deny ip any 80.1.1.0 255.255.255.0

Be very careful before applying it to the inside interface - PIX ACLs behave like router ACLs: they have an implied "deny everything" at the end, so unless you have an "allow all" line at the end of your ACL, you'll block everything else outbound.
So your ACL should look something like this:
  access-list outbound deny ip any 80.1.1.0 255.255.255.0
           (...other optional lines if desired)
  access-list outbound permit ip any any   <- last line of your ACL

cheers
0
 
myfootsmellsAuthor Commented:
oh im doing

access-list outbound remark line 1 blocking this website
access-list outbound deny ip any 80.1.1.0 255.255.255.0
0
 
myfootsmellsAuthor Commented:
oops

access-list outbound line 2 deny ip any 80.1.1.0 255.255.255.0
0
All Courses

From novice to tech pro — start learning today.