PIX 515e Security Group

Unanswered Question
Dec 12th, 2007

I am having trouble finding a way to give different users access to different parts of my network. It looks like I can only limit access to everyone.

Any help would be great.

Collin Clark Wed, 12/12/2007 - 11:19

You can change the ACL from any to a host or range of IPs. For example, here's an ACL that would block all the 192.168.10 /24 users but allow all other 192.168. users.

access-list inside_out extended deny tcp 192.168.10.0 255.255.255.0 any eq 80

access-list inside_out extended permit tcp 192.168.0.0 255.255.0.0 any eq 80

HTH

1cmerchant Wed, 12/12/2007 - 13:01

You can also use the object-group commands within ACLs to group similar objects together when they share common networks, ports, etc.
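
The object-group approach mentioned above, as an added example that is not part of the original thread: a constructed PIX 7.x-style config that gives one group of users access the others lack, plus a small Python first-match evaluator to check who gets through. The group names, addresses and helper functions are hypothetical.

```python
import ipaddress

# Constructed sample config (PIX 7.x-style syntax); names and addresses are hypothetical.
CONFIG = """\
object-group network FINANCE
 network-object 192.168.20.0 255.255.255.0
object-group network FINANCE_SERVERS
 network-object host 10.1.20.5
access-list inside_out extended permit tcp object-group FINANCE object-group FINANCE_SERVERS eq 443
access-list inside_out extended deny tcp any object-group FINANCE_SERVERS eq 443
access-list inside_out extended permit tcp 192.168.0.0 255.255.0.0 any eq 80
"""

def take_addr(tok, groups):
    """Consume one address spec; return (list of networks, remaining tokens)."""
    if tok[0] == "any":
        return [ipaddress.ip_network("0.0.0.0/0")], tok[1:]
    if tok[0] == "object-group":
        return groups[tok[1]], tok[2:]
    if tok[0] == "host":
        return [ipaddress.ip_network(tok[1])], tok[2:]
    return [ipaddress.ip_network(f"{tok[0]}/{tok[1]}")], tok[2:]

def parse(config):
    """Expand object-groups and return ACEs as (action, srcs, dsts, port), in order."""
    groups, aces, current = {}, [], None
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["object-group", "network"]:
            current = groups.setdefault(tok[2], [])
        elif tok[:1] == ["network-object"]:
            current.extend(take_addr(tok[1:], groups)[0])
        elif tok[:1] == ["access-list"]:
            action, rest = tok[3], tok[5:]          # tok[4] is the protocol (tcp)
            srcs, rest = take_addr(rest, groups)
            dsts, rest = take_addr(rest, groups)
            aces.append((action, srcs, dsts, int(rest[1])))  # rest == ["eq", port]
    return aces

def evaluate(aces, src, dst, port):
    """First matching ACE wins; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, srcs, dsts, p in aces:
        if p == port and any(s in n for n in srcs) and any(d in n for n in dsts):
            return action
    return "deny"

ACES = parse(CONFIG)
```

Note that the last ACE still lets any 192.168.x.x host reach the finance server on port 80, because only port 443 is restricted by the earlier lines; the ACL takes effect only once it is bound with access-group inside_out in interface inside.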
