Peter,

I believe that the correct configuration would be to deny 10.6.x.x access to
any outside addresses:

outbound 102 deny 10.6.x.x 255.255.255.255 0 0

and then to allow access to the 200.121.x.x server on port 1222 with an
except statement:

outbound 102 except 200.121.x.x 255.255.255.255 1222 tcp

Please let me know if that worked for you.

Regards,
Eric Sineath
CCIE (R/S) #4504
CCIE (Design) Passed, but no number yet 
Senior Consultant
SBC DataComm


-----Original Message-----
From: Peter Gray [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 10, 2000 7:27 PM
To: [EMAIL PROTECTED]
Subject: Fwd: PIX QUESTION********


I am using PIX 515 IOS ver 4.4.  I have to allow only one inside user to
access an Internet address on a particular port. I am using outbound
statement with except to do this. But it is not working. Can anyone put some
light on that? Here is what I am doing:
A user from 10.6.x.x subnet needs to access internet address 200.121.x.x on
port 1222.

outbound 102 permit 200.121.x.x 255.255.255.255 1222 tcp
outbound 102 except 10.6.x.x 255.255.255.255 0 0
apply (inside) 102 outgoing_dest






_________________________________
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
