network-object command

Unanswered Question
Oct 9th, 2007

All, I need to restrict IP addresses 10.220.4.1 - 4.48 from getting out to the internet. For IP address 10.220.4.49, I would like access to the internet. Using the network-object 10.220.4.0 255.255.255.0 command, how can I restrict the IPs up through 48, but allow 49?

Jon Marshall Tue, 10/09/2007 - 11:57

Hi

Presumably you are talking about a PIX/ASA device.

If you just need to allow .49 then just allow that host only in the access-list, i.e.

access-list outbound permit tcp host 10.220.4.49 any eq 80

etc...

However, if you would like to allow all the 10.220.4.0/24 network other than IP addresses 1 -> 48, which I think is what you are asking:

LabProtect1(config)# object-group network test

LabProtect1(config-network)# network-object 10.220.4.0 255.255.255.224

LabProtect1(config-network)# network-object 10.220.4.32 255.255.255.240

LabProtect1(config-network)# network-object host 10.220.4.48

LabProtect1(config)# access-list outbound deny ip object-group test any

LabProtect1(config)# access-list outbound permit ip 10.220.4.0 255.255.255.0 any

HTH

Jon
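
An added example, not part of the original posts: a Python check that derives the exact network-object entries for the range 10.220.4.1 - 10.220.4.48 and audits a candidate object-group against it, so a mask that stops one address short is caught before the ACL is applied. The function names and the two candidate lists are constructed for illustration.

```python
import ipaddress

def exact_cover(first, last):
    """Smallest list of CIDR blocks covering exactly first..last."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))

def as_network_objects(nets):
    """Render blocks in the 'network-object <addr> <mask>' form."""
    return [f"network-object {n.network_address} {n.netmask}" for n in nets]

def audit(entries, first, last, subnet):
    """Compare (address, mask) entries with the intended deny range.

    Returns (missed, extra): hosts inside first..last that no entry
    matches, and usable hosts outside the range that an entry matches.
    """
    nets = [ipaddress.IPv4Network(f"{a}/{m}") for a, m in entries]
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    missed, extra = [], []
    for host in ipaddress.IPv4Network(subnet).hosts():
        blocked = any(host in n for n in nets)
        wanted = lo <= host <= hi
        if wanted and not blocked:
            missed.append(str(host))
        elif blocked and not wanted:
            extra.append(str(host))
    return missed, extra

# Constructed candidates: two masks alone, then with a host entry for .48.
TWO_MASKS = [("10.220.4.0", "255.255.255.224"),
             ("10.220.4.32", "255.255.255.240")]
WITH_HOST = TWO_MASKS + [("10.220.4.48", "255.255.255.255")]

if __name__ == "__main__":
    for line in as_network_objects(exact_cover("10.220.4.1", "10.220.4.48")):
        print(line)
    print(audit(TWO_MASKS, "10.220.4.1", "10.220.4.48", "10.220.4.0/24"))
    print(audit(WITH_HOST, "10.220.4.1", "10.220.4.48", "10.220.4.0/24"))
```

The /27 and /28 entries together match .0 through .47, so .48 needs its own host entry; the exact cover of .1 through .48 takes seven entries because the range does not start on a mask boundary.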
