block a single IP or a range of IPs on PIX

I want to block a specific host from reaching my dmz subnet.

In the example the host is and the IP of the dmz subnet is

These lines don't work.

access-list outside deny ip host host
access-list outside deny ip host

What am I doing wrong?
Who is Participating?
batry_boyConnect With a Mentor Commented:
As long as the translated public IP address of the DMZ subnet is then it should work as long as it's applied to the outside interface.  What do your statics and access-group statements look like?
lrmooreConnect With a Mentor Commented:
They should work fine. Can you post result of "show access-list". Look for increase # in (Hitcount= xxx)
Do you have any permit statements above it? i.e.
 access-list outside permit tcp any host eq www
 access-list outside deny ip host host

The permit will allow the packet and will never hit the deny.
Alan Huseyin KayahanConnect With a Mentor Commented:
make sure you tagged this acl group to interface by typing
access-group outside in interface dmz
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.