[afnog] Web access blocking

Moussa BAGAYOKO Mkbagayoko at bdm-sa.com
Fri May 13 13:35:05 EAT 2005


Alain,

My purpose is to deny Internet access to networks (about 10) behind my
PIX-525 inside interface, not web access on a host in my DMZ.

I've got 2 PIXes in failover that have many networks behind the inside
interface; the outside interface is connected to the last router (a Cisco
2611) before my ISP link.

I tried to configure that with PIX Device Manager (PDM), but it denied access
for my entire network. PDM put this access rule at the top of the ACL page, and
it generates the following command for one network, e.g.:

names
name 111.2222.333.0 myname

access-list inside_access_in deny tcp myname 255.255.255.0 any eq www
 

Best Regards


Moussa K BAGAYOKO
IT Executive
Banque de Développement du Mali
Av Modibo KEITA  Bamako MALI
Tel: +223 222 31 84
      +233 630 40 53
> -----Original Message-----
> From: AINA ALAIN PATRICK(TRS) [mailto:aalain at trstech.net]
> Sent: Wednesday, 11 May 2005 09:06
> To: Moussa BAGAYOKO
> Cc: afnog at afnog.org
> Subject: Re: [afnog] Web access blocking
> 
> Moussa,
> 
> > Can someone please help me with how to block web access from a specific
> > block of IP addresses behind the inside interface on a Cisco PIX-525? The
> > inside interface is connected to a Cisco 3745 router.
> 
> Can you provide more info on how this works?
> 
> --alain
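
An added example, not part of the original message or of anyone's reply in the thread: a small first-match evaluator for the access-list line quoted above, showing how an ACL that holds only that deny entry ends in the implicit deny for every other packet. It assumes the PDM-generated line is the only entry in inside_access_in; 192.0.2.0/24 stands in for the redacted "myname" network, and the trailing permit line is an assumed addition, not something from the message.

```python
import ipaddress

# Constructed ACLs. 192.0.2.0/24 replaces the redacted "myname" network;
# the "permit ip any any" entry is an assumption, not taken from the message.
ACL_AS_GENERATED = [
    "access-list inside_access_in deny tcp 192.0.2.0 255.255.255.0 any eq www",
]
ACL_WITH_PERMIT = ACL_AS_GENERATED + [
    "access-list inside_access_in permit ip any any",
]
PORTS = {"www": 80}  # named port used in the quoted command


def parse(line):
    """Parse the subset of PIX access-list syntax used in the lists above."""
    tok = line.split()[2:]  # drop "access-list <acl-name>"
    action, proto, rest = tok[0], tok[1], tok[2:]

    def take_net():
        # "any" or "<address> <netmask>"
        if rest[0] == "any":
            rest.pop(0)
            return ipaddress.ip_network("0.0.0.0/0")
        addr, mask = rest.pop(0), rest.pop(0)
        return ipaddress.ip_network(f"{addr}/{mask}")

    src, dst = take_net(), take_net()
    port = None
    if rest[:1] == ["eq"]:
        port = PORTS.get(rest[1]) or int(rest[1])
    return action, proto, src, dst, port


def evaluate(acl, proto, src, dst, port=None):
    """First matching entry wins; with no match the implicit deny applies."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl:
        action, p, snet, dnet, eq = parse(line)
        if p not in ("ip", proto):
            continue  # entry is for a different protocol
        if s in snet and d in dnet and (eq is None or eq == port):
            return action
    return "implicit deny"
```

With ACL_AS_GENERATED, a host outside 192.0.2.0/24, or any non-web traffic from inside it, falls through to the implicit deny; with ACL_WITH_PERMIT only TCP port 80 from 192.0.2.0/24 is denied.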



