AAA PIX - Page 5

By  Cisco Press | Oct 10, 2001
Page 5 of 6   |  Back to Page 1
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

For review purposes, look at Figure 4-9. Refer to Figure 4-9 while reviewing the following discussion about the command lines used.

Figure 4-9 PIX outbound command Example

(Click image for larger view in a new window)

The following line prevents access to all of the 10.200.200.0/24 network from all hosts for all protocols. The PIX uses subnet masks, not wildcard masks. 

 outbound limit_acctg deny 10.200.200.0 255.255.255.0
The following line is an exception to the preceding line. Because the apply statement uses outgoing_src, the preceding denial of access to the 10.200.200.0 network does not apply to the host with the IP address of 10.10.1.51. Because the security level is higher on the network where this computer sits, this computer has access to the whole of the 10.200.200.0 network. 
 outbound limit_acctg except 10.10.1.51
The following line allows all hosts on all networks with a higher security level to have access to the host at 10.200.200.66. 
 outbound limit_acctg permit 10.200.200.66
The following line allows all hosts on all networks with a higher security level to have access to the host at 10.200.200.67. 
 outbound limit_acctg permit 10.200.200.67
The following line applies the access list called limit_acctg to the accounting interface and makes a definition for the except command, specifying that the IP addresses within the except command refer to a source address. 
 apply (accounting) limit_acctg outgoing_dest
It is important to remember that the order of the outbound statements is not a concern because the PIX uses a best-fit algorithm.

jfreund@internet.com

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter
Helpful Links

  • Yankee Group Mobile WAN Optimization Report

    Mobile work continues to evolve. Your organization must keep up with the demands of its mobile workforce. This report introduces the concept of mobile WAN optimization and provides three case studies including RCM, PRTM and Einstein that highlight how this emerging technology can help IT departments achieve what previously appeared to be conflicting goals. Read >

  • Network Security Resources

    More threats than ever before pose a danger to today's enterprise network. Get the latest tips and intel on the newest risks in our guide to network security resources. Read >

  • Extreme Savings: Cutting Costs with WAN Optimization

    Did you know it's possible to cut IT costs without impacting day-to-day IT operations? In fact, when you download this whitepaper from Riverbed on cost-savings through WAN optimization, you'll discover how businesses of all different sizes have realized a return on investment in just a few months through significant hard cost savings in areas such as bandwidth reduction and IT consolidation. It's called Extreme Savings and its only from Riverbed. Read >