The outbound rules are different in syntax than the normal Cisco
access-list commands.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v50/config/commands.htm#xtocid459340

I believe you do need the deny statement first on the outbound lists used
for stateful packet filtering.  If you use an access-list on the PIX for
packet filtering, the order is permit then deny.

The default on the PIX is to allow all outbound traffic.  I've only used
the PIX in testing, but put a deny all statement first, then explicitly
permitted the allowed traffic after the deny statement.

-Kathleen

_______________________

Kathleen M. Moriarty

