ASA 5505 allow a range of public IPs to access a web server

Shannon Sutter · ‎12-02-2009

Hi,

I need to allow a range of public ips to access our server on port 8881. I am stuck on how to add a pool to it.

Public IP xxx.xxx.xxx.190

Private IP server: 10.1.10.10

Range of publics IPs to allow: xxx.70.8.125 - xxx.70.8.146

So far I've done this:

Static NAT

Static (inside,outside) tcp xxx.xxx.xxx.190 8881 10.1.10.10 8881 netmask 255.255.255.255

Jon Marshall · ‎12-02-2009

eferraros@ewpartners.com
Hi,
I need to allow a range of public ips to access our server on port 8881. I am stuck on how to add a pool to it.
Public IP xxx.xxx.xxx.190
Private IP server: 10.1.10.10
Range of publics IPs to allow: xxx.70.8.125 - xxx.70.8.146
So far I've done this:
Static NAT
Static (inside,outside) tcp xxx.xxx.xxx.190 8881 10.1.10.10 8881 netmask 255.255.255.255

Well you could use an object-group ie.

object-group network publicips

network-object host xxx.70.8.125

network-object host xxx.70.8.126

.... etc

network-object host xxx.70.8.146

then use the object group in your acl ie.

access-list outside_in permit tcp object-group publicips host xxx.xxx.xxx.190 eq 8881

Jon