I use command sets quite a bit to permit/deny specific commands for different admin groups. I want to create a new command set to block certain subnets from being used on the network at all. I thought regular expressions would be good here, but I cannot get these to work at all.
As an example, if I deny the command "*" and argument "ip host 172.16.", I cannot create an ACL line to permit ip host 172.16.1.1 or deny ip host 172.16.1.1.
How do I make this work so that no matter what precedes or follows the IP, the command is denied so that I can deny "ip address 172.16.1.1", "ip host 172.1.1", "ip 172.16.1.1", "server 172.16.1.1", etc.?