June 27th, 2007, 09:42 PM
blocking RTSP on my PIX
I'm trying to block RTSP (TCP 554) using an ACL on my PIX. But whenever I apply it, it blocks everything and no one can get out. What am I doing wrong? I'm typing:
access-list 101 deny TCP any any eq 554
access-list 101 permit ip any any
June 28th, 2007, 08:07 AM
On what interface are you applying the acl?
Experience is something you don't get until just after you need it.
June 28th, 2007, 10:09 AM
Is this inbound or outbound?
I'm presuming that as you say no one can get out after you apply it, that it is outbound?
The commands look OK, although there is no need to follow it up with the permit ip any any command if it is on the Inside interface.
What command are you using to apply it to the actual Interface?
June 28th, 2007, 01:48 PM
Hmmm, not my area but don't those streaming players try to look for another port if 554 is blocked by a firewall?
HTTP port 80 perhaps?
Nothing to do with your initial question, but it might affect what you are trying to achieve?
June 29th, 2007, 03:49 PM
Shouldn't it be...
access-list 101 permit tcp any any
June 29th, 2007, 05:03 PM
If he wants to permit TCP traffic, yes... however, it looks like he wants to permit all IP traffic.
June 29th, 2007, 08:06 PM
Hmm, well, if IP isn't working, maybe you should put an entry for TCP and UDP separately...
June 30th, 2007, 02:08 PM
Permitting UDP and TCP separately will do the exact same thing as permitting IP. The OP's problem more than likely lies with the way the ACL is being applied to the interface, not with the actual command.
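Added example, not written by any poster in this thread: a simplified Python model of first-match ACL evaluation, including the implicit deny that ends every ACL, run over the two lines the original poster typed. The flows are constructed sample traffic, and the parser is an assumption that handles only the `any any [eq port]` form used above.

```python
# Simplified model of first-match ACL evaluation (illustration only).
# Flows are constructed samples; only "any any [eq <port>]" entries are parsed.

def parse_ace(line):
    """Parse 'access-list <id> <action> <proto> any any [eq <port>]'."""
    tok = line.lower().split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[4:6] != ["any", "any"]:
        raise ValueError("unsupported entry: " + line)
    port = None
    if len(tok) > 6:
        if len(tok) != 8 or tok[6] != "eq":
            raise ValueError("unsupported port match: " + line)
        port = int(tok[7])
    return {"action": tok[2], "proto": tok[3], "port": port}

def matches(ace, proto, dport):
    """'ip' matches every protocol; a port, if given, must match exactly."""
    if ace["proto"] != "ip" and ace["proto"] != proto:
        return False
    return ace["port"] is None or ace["port"] == dport

def evaluate(acl_lines, proto, dport=None):
    """Return (action, matching line); the first matching entry wins."""
    for line in acl_lines:
        ace = parse_ace(line)
        if matches(ace, proto, dport):
            return ace["action"], line
    # No entry matched: the unwritten deny at the end of the ACL applies.
    return "deny", "implicit deny"

POSTED_ACL = [
    "access-list 101 deny TCP any any eq 554",
    "access-list 101 permit ip any any",
]

# Constructed flows: RTSP, HTTP, DNS, ping.
FLOWS = [("tcp", 554), ("tcp", 80), ("udp", 53), ("icmp", None)]

def report(acl_lines):
    """Map each sample flow to the action the ACL takes on it."""
    return {flow: evaluate(acl_lines, *flow)[0] for flow in FLOWS}

if __name__ == "__main__":
    for name, acl in (("as posted", POSTED_ACL),
                      ("deny line only", POSTED_ACL[:1])):
        print(name, report(acl))
```

In this model the posted ACL drops only TCP 554 and still permits TCP 80, while the same ACL without its permit line drops every flow through the implicit deny.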