Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
367
Views
0
Helpful
3
Replies

ASA 5580

ARMANDO ALVARADO
Level 1
Level 1

‎09-27-2010 06:26 AM - edited ‎03-11-2019 11:45 AM

I wanted to find out if It is possible to  created a network groups for dmz hosts to access inside host with no service group. I just want to allow some perticular servers to communicate to inside.

Labels:
0 Helpful
3 Replies 3

Jennifer Halim
Cisco Employee
Cisco Employee

‎09-27-2010 06:35 AM

Sure can.

Here is how to configure network object group:

object-group network dmz-servers-group

     network-object host

     network-object host

Here is the URL for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/no.html#wp1772354

Hope that helps.

0 Helpful

ARMANDO ALVARADO
Level 1
Level 1
In response to Jennifer Halim

‎09-27-2010 08:27 AM

So that I understand this correctly. You can use this and the servers in the dmz will still communicate with the inside host with its nat address. Correct.

I using the same inside address for the nat.  I forgot to mention that also sorry. This is going to be for a virtual enviroment. Just trying to secure the group.

0 Helpful

Jennifer Halim
Cisco Employee
Cisco Employee
In response to ARMANDO ALVARADO

‎09-27-2010 09:40 PM

Sorry, not very clear on what you are trying to achieve after the second post.

Are you trying to configure grouping so you can configure the access-list more effectively?

What version of ASA 5580 are you running?

Can you please share the topology and what exactly you are trying to achieve. Thanks.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card