• Status: Solved

Block certain IP ranges with Cisco PIX 506E

I want to block people inside my org from going to 80.1.1.0 - 80.1.1.255.

I tried the following:

access-list outbound deny ip any host 80.1.1.0 0.0.0.255

Didn't work. Suggestions?

Thanks
Asked by: myfootsmells

1 Solution
 
calvinetter Commented:
You're thinking of Cisco router ACL syntax..  ;)
Your PIX ACL should look like this to block an entire "Class C" IP range:

access-list outbound deny ip any 80.1.1.0 255.255.255.0

Be very careful before applying it to the inside interface - PIX ACLs behave like router ACLs: they have an implied "deny everything" at the end, so unless you have an "allow all" line at the end of your ACL, you'll block everything else outbound.
So your ACL should look something like this:
  access-list outbound deny ip any 80.1.1.0 255.255.255.0
           (...other optional lines if desired)
  access-list outbound permit ip any any   <- last line of your ACL

cheers
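
Both points in the answer above (the PIX wants a subnet mask rather than a router wildcard mask, and an ACL with no closing permit falls through to the implicit deny) can be checked before a config is pasted into the firewall. The Python script below is an added example, not part of the original thread; `lint_acl` and its helpers are hypothetical names, the sample lists are constructed from the lines quoted in the thread, and it assumes plain `ip` rules with no port operators.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

# Constructed samples: the rule as first asked, and the corrected ACL.
ASKED = ["access-list outbound deny ip any host 80.1.1.0 0.0.0.255"]
FIXED = ["access-list outbound deny ip any 80.1.1.0 255.255.255.0",
         "access-list outbound permit ip any any"]

def is_netmask(mask):
    """True if mask is contiguous 1-bits from the left (a subnet mask)."""
    inv = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    return (inv & (inv + 1)) == 0

def parse_addr(tok, notes):
    """Consume one address spec (any | host IP | IP MASK) from tok."""
    first = tok.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        ip = tok.pop(0)
        if tok and tok[0].count(".") == 3:  # a mask after 'host' is invalid
            notes.append(f"'host {ip}' takes no mask; drop 'host' or '{tok.pop(0)}'")
        return ipaddress.ip_network(ip + "/32")
    mask = tok.pop(0)
    if not is_netmask(mask):
        notes.append(f"'{mask}' is a router-style wildcard mask; PIX expects a subnet mask")
    return ipaddress.ip_network(f"{first}/{mask}", strict=False)

def lint_acl(lines):
    """Return findings for one ACL given as 'access-list' lines, in order."""
    findings, rules = [], []
    for n, line in enumerate(lines, 1):
        tok = line.split()
        if tok[:1] != ["access-list"] or "remark" in tok[2:5]:
            continue                      # skip remarks and unrelated lines
        tok = tok[2:]                     # drop 'access-list <name>'
        if tok[0] == "line":              # optional 'line N'
            tok = tok[2:]
        action, proto, rest, notes = tok[0], tok[1], tok[2:], []
        rules.append((action, proto, parse_addr(rest, notes), parse_addr(rest, notes)))
        findings += [f"line {n}: {note}" for note in notes]
    if rules and rules[-1] != ("permit", "ip", ANY, ANY):
        findings.append("no final 'permit ip any any': implicit deny blocks all other traffic")
    return findings

if __name__ == "__main__":
    for name, acl in (("ASKED", ASKED), ("FIXED", FIXED)):
        print(name, lint_acl(acl) or "clean")
```
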
 
myfootsmells (Author) Commented:
Oh, I'm doing

access-list outbound remark line 1 blocking this website
access-list outbound deny ip any 80.1.1.0 255.255.255.0
 
myfootsmells (Author) Commented:
Oops

access-list outbound line 2 deny ip any 80.1.1.0 255.255.255.0
Question has a verified solution.
