• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 844
  • Last Modified:

Block range of ports cisco pix 515e

I need to block a range of ports, for all inside ip addresses. the port range is 6881-6999, I tried the lines below, but it cut off all traffic to the internet. The hardware is a cisco pix 515e 6.3(4). All of the traffic will be coming from the inside interface, destined for the internet. Can anyone tell the CLI syntax to do this?


access-list acl_inside deny tcp any any range 6881 6999
access-group acl_inside in interface inside
0
ptuttle1319
Asked:
ptuttle1319
1 Solution
 
RPPreacherCommented:

access-list acl_inside deny tcp any any range 6881 6999
access-list acl_inside permit ip any any eq http
access-list acl_inside permit ip any any eq https

access-group acl_inside in interface inside

Access-lists end with an implied deny all
0
 
ptuttle1319Author Commented:
I had to change it to the syntax below to get it to work, seems to be good to go now.

access-list acl_inside permit tcp any any eq http
access-list acl_inside permit tcp any any eq https
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now