Solved: outbound access to a selected number of hosts

eoscar · ‎08-02-2003

I have several internal class C Networks. I would like the first 99 hosts to be able to access the internet and deny the remaining hosts. I've looked at network object-group, but I'm wondering if there is another method of acheiving this?

Thanks in advance

mhoda · ‎08-02-2003

Hello,

Assuming these addresses are contigous, this how you can break it down and can use static or nat/no-nat based on the following breakdowns -

178.1.1.0 255.255.255.192 -->will conver from 1-63

178.1.1.64 255.255.255.224 --> covers from 64-95

178.1.1.96 255.255.255.255 -->.96

178.1.1.97 255.255.255.255 -->.97

178.1.1.98 255.255.255.255 -->.98

178.1.1.99 255.255.255.255 -->.99

I hope this helps. Regards,

Mynul

View solution in original post

mhoda · ‎08-02-2003

Hello,

Assuming these addresses are contigous, this how you can break it down and can use static or nat/no-nat based on the following breakdowns -

178.1.1.0 255.255.255.192 -->will conver from 1-63

178.1.1.64 255.255.255.224 --> covers from 64-95

178.1.1.96 255.255.255.255 -->.96

178.1.1.97 255.255.255.255 -->.97

178.1.1.98 255.255.255.255 -->.98

178.1.1.99 255.255.255.255 -->.99

I hope this helps. Regards,

Mynul

eoscar · ‎08-03-2003

They are contigous. I have a config similar to your sugestion.

Can I use the object-group command to identify the range of with an acl?

object-group network internal_clients

network-object host 178.1.1.1-178.1.1.99

:

access-list acl_in permit tcp object-group internal_clients any eq www

Thanks

mhoda · ‎08-03-2003

Hi,

Unfortunately, you cannot define the range in the network-object. It has to be either host or network addresses, not range.

Regards,

Mynul

eoscar · ‎08-04-2003

Thanks, I'll revert to your original sugestion.

This would be a very helpful feature.