Re: Pix newbie question

From: matt (exxmrm@hotmail.com)
Date: 01/31/03 

From: "matt" <exxmrm@hotmail.com>
Date: Fri, 31 Jan 2003 00:51:30 -0000

"Thomas" <maskedman@get2net.dk> wrote in message
news:3e39c67b$0$13220$edfadb0f@dread11.news.tele.dk...
> How do I block an ip address on the LAN from going on the internet?
>
> Regards,
>
> Thomas
>
>

You need to create an access list first ie

access-list deny-out deny ip 10.0.0.1 host <IPTOBLOCK>

Then that needs to be attached to the outside interface like

access-group deny-out out interface outside

iirc. :)

Matt

Relevant Pages

  • Pix newbie question
    ... How do I block an ip address on the LAN from going on the internet? ... Regards, ... Thomas ...
    (comp.security.firewalls)
  • Re: Problem configuring NAT to share Internet Connection
    ... One of my NICs in the server connect to a DSL ... modem and it connects to internet. ... > interface, that connects to the DSL modem, LAN interface, that connects to ... >> 7.- To connect server to Internet, I create a new network connection. ...
    (microsoft.public.win2000.ras_routing)
  • Internet thru Cisco 871
    ... SDM wizards and didn't get the internet. ... expected static IP address on the Dialer0 interface but fail ping ... zone security private ... ip http access-class 3 ...
    (comp.dcom.sys.cisco)
  • Re: Problem configuring NAT to share Internet Connection
    ... This is the IPCONFIG information of the server (where you can see Internet ... interface, that connects to the DSL modem, LAN interface, that connects to ... > 7.- To connect server to Internet, I create a new network connection. ...
    (microsoft.public.win2000.ras_routing)
  • Re: Access from internal hosts to internal servers using external address
    ... I have a Cisco 386 in a NAT configuration. ... Internal hosts can access the Internet in a NAT'ed fashion ... interface Ethernet0 ...
    (comp.dcom.sys.cisco)