joshj1982
10-18-2007, 01:50 PM
Hi guys!
I am new to the forums, but this looks like a great place to share and receive help, so I'm sure I'll be sticking around for a while. :)
I have a question regarding a Cisco Pix Firewall I am trying to configure. I want to be able to block Internet access on certain machines. Right now I am testing out my ACL changes on the internal address of 192.168.103.5. I have the firewall connected through a Cisco 1721 router. Here is my current ACL configuration:
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 256)
alert-interval 300
access-list acl_in; 2 elements
access-list acl_in line 1 permit icmp host 192.168.103.0 any (hitcnt=0)
access-list acl_in line 2 permit tcp any host 65.***.***.*** (hitcnt=1895611)
access-list acl_out; 3 elements
access-list acl_out line 1 permit tcp any any eq pcanywhere-data (hitcnt=0)
access-list acl_out line 2 permit tcp any any eq citrix-ica (hitcnt=0)
access-list acl_out line 3 permit icmp host 0.0.0.0 any (hitcnt=0)
I tried adding this line:
access-list acl_in deny tcp host 192.168.103.5 any eq 80
That line did not work. I am assuming that it is a lot more complicated than that. What exactly do I need to do to keep specific machines from web browsing? Also, does the line order in a Pix ACL matter? Does it process the lines in a certain order? If you need additional information please let me know. Thank you so much for any help you can give me!
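To illustrate the two PIX behaviours behind the question (an ACL is evaluated top to bottom, the first matching line wins and an implicit deny follows the last line; a new `access-list NAME ...` command is appended at the end; and an ACL only affects packets entering the interface it is bound to with `access-group`), here is a small first-match simulator. It is an added example, not the poster's configuration or Cisco code: the `acl_inside` rules, the web server address 203.0.113.10 and the interface binding table are constructed for the demonstration (only 192.168.103.5 comes from the post). It also models the default that, with no ACL bound to the inside interface, traffic from the higher-security inside interface toward the outside is allowed, which is why a deny appended to an ACL that (judging by its `permit tcp any host 65.x.x.x` entry) appears to be bound to the outside interface never sees the inside host's HTTP traffic.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple, Dict


@dataclass(frozen=True)
class Ace:
    """One access-list entry, in the order the line was entered."""
    action: str            # "permit" or "deny"
    proto: str             # "ip" matches any protocol; else "tcp", "udp", "icmp"
    src: str               # CIDR, e.g. "192.168.103.5/32" or "0.0.0.0/0" for any
    dst: str               # CIDR
    dport: Optional[int] = None  # destination port, None = any


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None


def ace_matches(ace: Ace, pkt: Packet) -> bool:
    if ace.proto != "ip" and ace.proto != pkt.proto:
        return False
    if ip_address(pkt.src) not in ip_network(ace.src):
        return False
    if ip_address(pkt.dst) not in ip_network(ace.dst):
        return False
    if ace.dport is not None and ace.dport != pkt.dport:
        return False
    return True


def evaluate(acl: List[Ace], pkt: Packet) -> Tuple[str, Optional[int]]:
    """First match wins; an implicit deny (line None) follows the last entry."""
    for line_no, ace in enumerate(acl, start=1):
        if ace_matches(ace, pkt):
            return ace.action, line_no
    return "deny", None


def decide(bindings: Dict[str, List[Ace]], ingress: str, pkt: Packet) -> str:
    """Apply only the ACL bound to the ingress interface (access-group ... in interface X).
    Model of the PIX default when no ACL is bound: inside (high security) -> outside
    is permitted, outside (low security) -> inside is denied."""
    acl = bindings.get(ingress)
    if acl is None:
        return "permit" if ingress == "inside" else "deny"
    return evaluate(acl, pkt)[0]


ANY = "0.0.0.0/0"
# Constructed packets: HTTP from the host to be blocked, and from a neighbour.
HTTP_FROM_5 = Packet("tcp", "192.168.103.5", "203.0.113.10", 80)
HTTP_FROM_6 = Packet("tcp", "192.168.103.6", "203.0.113.10", 80)

# Hypothetical inside ACL: a broad permit entered first, the deny appended after it.
APPENDED = [
    Ace("permit", "ip", "192.168.103.0/24", ANY),
    Ace("deny", "tcp", "192.168.103.5/32", ANY, 80),   # never reached
]
# Same two entries with the deny placed first (on PIX: recreate the list in this order).
REORDERED = [
    Ace("deny", "tcp", "192.168.103.5/32", ANY, 80),
    Ace("permit", "ip", "192.168.103.0/24", ANY),
]
# Deny lives only in an ACL bound to the outside interface: inside traffic never sees it.
OUTSIDE_ONLY = {"outside": [Ace("deny", "tcp", "192.168.103.5/32", ANY, 80)]}
INSIDE_BOUND = {"inside": REORDERED}


if __name__ == "__main__":
    print("appended deny :", evaluate(APPENDED, HTTP_FROM_5))    # ('permit', 1)
    print("deny first    :", evaluate(REORDERED, HTTP_FROM_5))   # ('deny', 1)
    print("neighbour     :", evaluate(REORDERED, HTTP_FROM_6))   # ('permit', 2)
    print("outside-bound :", decide(OUTSIDE_ONLY, "inside", HTTP_FROM_5))  # permit
    print("inside-bound  :", decide(INSIDE_BOUND, "inside", HTTP_FROM_5))  # deny
```

The simulator is a model, not the firewall: on a real PIX, check `show access-group` to confirm which interface each list is bound to, and use the hit counters from `show access-list` to see which line a flow actually matched. Once a permit line precedes the deny, the hit count on the deny stays at zero no matter how much traffic the host sends.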