ASA 5580

ARMANDO ALVARADO · ‎09-27-2010

I wanted to find out if It is possible to created a network groups for dmz hosts to access inside host with no service group. I just want to allow some perticular servers to communicate to inside.

Jennifer Halim · ‎09-27-2010

Sure can.

Here is how to configure network object group:

object-group network dmz-servers-group

network-object host

Here is the URL for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/no.html#wp1772354

Hope that helps.

ARMANDO ALVARADO · ‎09-27-2010

So that I understand this correctly. You can use this and the servers in the dmz will still communicate with the inside host with its nat address. Correct.

I using the same inside address for the nat. I forgot to mention that also sorry. This is going to be for a virtual enviroment. Just trying to secure the group.

Jennifer Halim · ‎09-27-2010

Sorry, not very clear on what you are trying to achieve after the second post.

Are you trying to configure grouping so you can configure the access-list more effectively?

What version of ASA 5580 are you running?

Can you please share the topology and what exactly you are trying to achieve. Thanks.