network-object command

Oct 9th, 2007

all, I need to restrict IP addresses : - 4.48 from getting out to the internet, IP address, I would like access to the internet. Using the: network-object command, how can I restrict the IPs up through 48, but allow 49?

Jon Marshall Tue, 10/09/2007 - 11:57


Presumably you are talking about pix/asa device.

If you just need to allow .49 then just allow that host only in the access-list ie.

access-list outbound permit tcp host any eq 80


However if you would like to allow all the network other than IP addresses 1 -> 48 which i think is what you are asking

LabProtect1(config)# object-group network test

LabProtect1(config-network)# network-object

LabProtect1(config-network)# network-object

LabProtect1(config)# access-list outbound deny ip object-group TEST any

LabProtect1(config)# access-list outbound permit ip any




