Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
523
Views
0
Helpful
1
Replies

network-object command

rwamstutz
Level 1
Level 1

‎10-09-2007 11:28 AM - edited ‎03-05-2019 06:59 PM

all, I need to restrict IP addresses : 10.220.4.1 - 4.48 from getting out to the internet, IP address 10.220.4.49, I would like access to the internet. Using the: network-object 10.220.4.0 255.255.255.0 command, how can I restrict the IPs up through 48, but allow 49?

Labels:
0 Helpful
1 Reply 1

Jon Marshall
Hall of Fame
Hall of Fame

‎10-09-2007 11:57 AM

Hi

Presumably you are talking about pix/asa device.

If you just need to allow .49 then just allow that host only in the access-list ie.

access-list outbound permit tcp host 10.220.4.49 any eq 80

etc...

However if you would like to allow all the 10.220.4.0/24 network other than IP addresses 1 -> 48 which i think is what you are asking

LabProtect1(config)# object-group network test

LabProtect1(config-network)# network-object 10.220.4.0 255.255.255.224

LabProtect1(config-network)# network-object 10.220.4.32 255.255.255.240

LabProtect1(config)# access-list outbound deny ip object-group TEST any

LabProtect1(config)# access-list outbound permit ip 10.224.4.0 255.255.255.0 any

HTH

Jon

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card