Block range of ports cisco pix 515e

Posted on 2006-11-20
Last Modified: 2013-11-16
I need to block a range of ports, for all inside ip addresses. the port range is 6881-6999, I tried the lines below, but it cut off all traffic to the internet. The hardware is a cisco pix 515e 6.3(4). All of the traffic will be coming from the inside interface, destined for the internet. Can anyone tell the CLI syntax to do this?

access-list acl_inside deny tcp any any range 6881 6999
access-group acl_inside in interface inside
Question by:ptuttle1319
LVL 20

Accepted Solution

RPPreacher earned 500 total points
ID: 17981641

access-list acl_inside deny tcp any any range 6881 6999
access-list acl_inside permit ip any any eq http
access-list acl_inside permit ip any any eq https

access-group acl_inside in interface inside

Access-lists end with an implied deny all

Author Comment

ID: 17981725
I had to change it to the syntax below to get it to work, seems to be good to go now.

access-list acl_inside permit tcp any any eq http
access-list acl_inside permit tcp any any eq https

Featured Post

Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
cisco switch 3750E port channel down 13 29
Cisco Aironet 1140: setting up basic SSID 12 35
decoding the error message TEI_ASSIGNED 8 38
IR 1023 Scanning 4 23
This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
Internet Business Fax to Email Made Easy - With  eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question