We help IT Professionals succeed at work.

block certain ip ranges with cisco pix 506e

myfootsmells
myfootsmells asked
on
Medium Priority
551 Views
Last Modified: 2013-11-16
i want to block people inside my org to go to 80.1.1.0 - 80.1.1.255

i tried the following

access-list outbound deny ip any host 80.1.1.0 0.0.0.255

didn't work.  suggestions?

thanks
Comment
Watch Question

You're thinking of Cisco router ACL syntax..  ;)
Your PIX ACL should look like this to block an entire "Class C" IP range:

access-list outbound deny ip any 80.1.1.0 255.255.255.0

Be very careful before applying it to the inside interface - PIX ACLs behave like router ACLs: they have an implied "deny everything" at the end, so unless you have an "allow all" line at the end of your ACL, you'll block everything else outbound.
So your ACL should look something like this:
  access-list outbound deny ip any 80.1.1.0 255.255.255.0
           (...other optional lines if desired)
  access-list outbound permit ip any any   <- last line of your ACL

cheers

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
oh im doing

access-list outbound remark line 1 blocking this website
access-list outbound deny ip any 80.1.1.0 255.255.255.0

Author

Commented:
oops

access-list outbound line 2 deny ip any 80.1.1.0 255.255.255.0
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.