PIX 515e Security Group

Dec 12th, 2007

I am having trouble finding a way to give different users access to different parts of my network. It looks like I can only limit access to everyone.


Any help would be great.

Collin Clark Wed, 12/12/2007 - 11:19

You can change the ACL from any to a host or range of IPs. For example, here's an ACL that would block all the 192.168.10.0/24 users but allow all other 192.168. users.


access-list inside_out extended deny tcp 192.168.10.0 255.255.255.0 any eq 80

access-list inside_out extended permit tcp 192.168.0.0 255.255.0.0 any eq 80


HTH

1cmerchant Wed, 12/12/2007 - 13:01

You can also use the object-group commands within ACLs to group similar objects together when they share common networks, ports, etc.
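
Combining the two replies above, as an added example that is not from either poster: source-specific ACL entries built from object groups, so that each user group reaches only its own servers. PIX 7.x syntax is assumed, and every group name, address and the `inside` interface name is hypothetical.

```cisco
! Added example: all names and addresses below are hypothetical.
! Who the users are (sources on the inside network)
object-group network FINANCE_USERS
 network-object host 192.168.20.15
 network-object host 192.168.20.16
object-group network ENGINEERING_USERS
 network-object 192.168.10.0 255.255.255.0
! What they may reach (destinations behind another interface)
object-group network FINANCE_SERVERS
 network-object 10.1.20.0 255.255.255.0
object-group network LAB_SERVERS
 network-object 10.1.30.0 255.255.255.0
! Which services are allowed
object-group service WEB_PORTS tcp
 port-object eq www
 port-object eq https
!
! Entries are evaluated top-down and the first match wins,
! so the specific permits must come before the broad deny.
access-list inside_in remark Finance users to finance servers only
access-list inside_in extended permit tcp object-group FINANCE_USERS object-group FINANCE_SERVERS object-group WEB_PORTS
access-list inside_in remark Engineering users to lab servers only
access-list inside_in extended permit tcp object-group ENGINEERING_USERS object-group LAB_SERVERS object-group WEB_PORTS
access-list inside_in remark Everyone else is kept out of the server ranges
access-list inside_in extended deny ip any 10.1.0.0 255.255.0.0
access-list inside_in remark General outbound access for the inside networks
access-list inside_in extended permit ip 192.168.0.0 255.255.0.0 any
!
! Bind the ACL to traffic entering the inside interface
access-group inside_in in interface inside
```

Anything not matched by an entry falls through to the implicit deny at the end of the list. `show access-list inside_in` displays per-entry hit counts, which is a quick way to confirm that each group is matching the entry intended for it.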
