I'm trying to block RTSP (TCP 554) using an ACL on my PIX. But whenever I apply it, it blocks everything and no one can get out. What am I doing wrong? I'm typing:
access-list 101 deny TCP any any eq 554
access-list 101 permit ip any any
On what interface are you applying the ACL?
Is this inbound or outbound?
I'm presuming that as you say no one can get out after you apply it, that it is outbound?
The commands look OK, although there is no need to follow it up with the permit ip any any command if it is on the Inside interface.
What command are you using to apply it to the actual Interface?
Hmmm, not my area but don't those streaming players try to look for another port if 554 is blocked by a firewall?
HTTP port 80 perhaps?
Nothing to do with your initial question, but it might affect what you are trying to achieve? :confused:
Shouldn't it be...
access-list 101 permit tcp any any
If he wants to permit TCP traffic, yes... however, it looks like he wants to permit all IP traffic.
Hmm, well, if IP isn't working, maybe you should put an entry for TCP and UDP separately...
Permitting UDP and TCP separately will do the exact same thing as permitting IP. The OP's problem more than likely lies with the way the ACL is being applied to the interface, not with the actual command.
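Added example, not written by any poster in this thread: a small Python model of how a first-match access list treats the two lines from the original post, assuming the usual Cisco behaviour that traffic matching no entry hits an implicit deny once the list is bound to an interface. The `parse_acl` and `evaluate` helpers and the sample packets are constructed for illustration and handle only the `any any [eq <port>]` form.

```python
from typing import List, NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "permit" or "deny"
    proto: str             # "ip" matches every protocol
    dport: Optional[int]   # None means any destination port

# The two entries from the original post, and the same list cut short
# after the first entry (constructed to show the implicit deny).
POSTED = """access-list 101 deny TCP any any eq 554
access-list 101 permit ip any any"""
DENY_ONLY = "access-list 101 deny TCP any any eq 554"

def parse_acl(text: str, acl_id: str) -> List[Rule]:
    """Parse 'access-list <id> <action> <proto> any any [eq <port>]' lines."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.lower().split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[1] != acl_id:
            continue  # not an entry of the requested list
        if tok[2] not in ("permit", "deny") or tok[4:6] != ["any", "any"]:
            raise ValueError("unsupported entry: " + line)
        if len(tok) == 6:
            dport = None
        elif len(tok) == 8 and tok[6] == "eq" and tok[7].isdigit():
            dport = int(tok[7])
        else:
            raise ValueError("unsupported entry: " + line)
        rules.append(Rule(tok[2], tok[3], dport))
    return rules

def evaluate(rules: List[Rule], proto: str, dport: Optional[int] = None) -> str:
    """Return the action of the first matching entry, top to bottom."""
    for r in rules:
        proto_ok = r.proto in ("ip", proto)
        port_ok = r.dport is None or r.dport == dport
        if proto_ok and port_ok:
            return r.action
    return "deny"  # assumption: implicit deny when nothing matches

if __name__ == "__main__":
    packets = [("tcp", 554), ("tcp", 80), ("udp", 53)]  # constructed samples
    for name, text in (("posted", POSTED), ("deny only", DENY_ONLY)):
        rules = parse_acl(text, "101")
        for proto, port in packets:
            print(name, proto, port, "->", evaluate(rules, proto, port))
```

With both entries present only TCP 554 is dropped; with the deny entry alone, every packet falls through to the implicit deny.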