acl configuration on a 6500 firewall

abraunig1
Level 1

Hi all

I require assistance with configuring an acl on a 6500 firewall inbound interface so a host can access only specific server ip ranges within other sites

eg: server addresses 192.168.x.20 to 192.168.x.35 - 0.0.255.15

if anyone has experience with this type of configuration could you kindly advise

cheers

1 Reply

Jon Marshall
Hall of Fame

Hi

fwsm(config)# object-group network servers

fwsm(config-network)# network-object host 192.168.x.20

fwsm(config-network)# network-object host 192.168.x.21

... etc.

fwsm(config-network)# network-object host 192.168.x.35

fwsm(config)# access-list restrict permit ip host x.x.x.x object-group servers

fwsm(config)# access-group restrict in interface "fw interface"

Couple of things to be aware of

1) You may need NAT translations depending on whether you are using NAT and the security levels of your interfaces.

2) Every access-list has an implicit deny at the end so make sure you add in any other access to the "restrict" acl before applying it.

3) The access-list says permit ip but you could tie this down to more specific tcp and udp ports.

HTH

Jon
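An added worked example (not code from the thread or from Cisco) that does two things Jon's reply leaves manual: it checks what the wildcard mask from the question (0.0.255.15) would actually match, and it generates the object-group lines for a contiguous range without typing one network-object per host. The range .20 to .35 does not sit on a power-of-two boundary, so no single wildcard mask expresses it; the script shows the hosts such a mask misses and the extra hosts it lets through, then builds the group from the smallest set of aligned subnets. The site third octet 10, the client address 10.0.0.5 and the interface name "inside" are constructed placeholders for the x.x.x.x values in the thread; the `network-object <net> <mask>` form is standard FWSM/ASA object-group syntax.

```python
"""Wildcard-mask check and FWSM/ASA object-group generator.

Added illustration for the thread above; not Cisco code.  Third octet 10,
client 10.0.0.5 and interface "inside" are constructed placeholders.
"""
import ipaddress
from typing import List, Tuple


def wildcard_matches(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF          # bits that must be equal
    return (a & care) == (b & care)


def wildcard_coverage(base: str, wildcard: str,
                      first: str, last: str) -> Tuple[List[str], List[str]]:
    """Compare base/wildcard against the intended range [first, last],
    looking only inside first's /24.  Returns (missed, extra): hosts in
    the range the mask does not match, and hosts outside the range it does."""
    lo = ipaddress.IPv4Address(first)
    hi = ipaddress.IPv4Address(last)
    subnet = ipaddress.ip_network(f"{first}/24", strict=False)
    missed: List[str] = []
    extra: List[str] = []
    for ip in subnet:
        hit = wildcard_matches(str(ip), base, wildcard)
        inside = lo <= ip <= hi
        if inside and not hit:
            missed.append(str(ip))
        elif hit and not inside:
            extra.append(str(ip))
    return missed, extra


def object_group_config(name: str, first: str, last: str) -> List[str]:
    """Emit an object-group covering [first, last] using the fewest aligned
    subnets; single addresses become 'network-object host'."""
    lines = [f"object-group network {name}"]
    for net in ipaddress.summarize_address_range(
            ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)):
        if net.prefixlen == 32:
            lines.append(f" network-object host {net.network_address}")
        else:
            lines.append(f" network-object {net.network_address} {net.netmask}")
    return lines


def access_list_config(acl: str, client: str, group: str, iface: str) -> List[str]:
    """The permit line and the interface binding in the form Jon's reply uses.
    The implicit deny at the end of the ACL still applies."""
    return [
        f"access-list {acl} permit ip host {client} object-group {group}",
        f"access-group {acl} in interface {iface}",
    ]


if __name__ == "__main__":
    missed, extra = wildcard_coverage("192.168.10.20", "0.0.255.15",
                                      "192.168.10.20", "192.168.10.35")
    print("wildcard 0.0.255.15 misses:", missed)
    print("wildcard 0.0.255.15 also allows:", extra)
    for line in (object_group_config("servers", "192.168.10.20", "192.168.10.35")
                 + access_list_config("restrict", "10.0.0.5", "servers", "inside")):
        print(line)
```

Run it once per site (different third octet) and concatenate the groups, or add each site's subnets to the same object-group; either way review the generated lines against the implicit deny and any NAT rules before applying the access-group, as Jon's notes say.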
