01-16-2014 10:06 AM - edited 03-11-2019 08:31 PM
Hello,
This should be a simple question but I wanted to verify first before I made the changes on the ASA.
I'm trying to deny the following range of IPs (10.2.1.201-10.2.1.206) from accessing the Internet. So, I created the following ACL:
access-list acl_lib_pub extended deny ip 10.2.1.201 0.0.0.4 any
Is this correct?
Thanks in advance.
Best, ~sK
01-16-2014 10:16 AM
Hi Sadik,
ASA takes a netmask, not a wildcard (like a router). Your ACL should be
access-list acl_lib_pub extended deny ip 10.2.1.200 255.255.255.248 any
access-list acl_lib_pub extended permit ip any any ---> To allow rest of the IPs.
After adding this, make sure 10.2.1.200 and 207 can still hit the Internet. If not, you may need to go with a smaller subnet.
hth
MS
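Added example (not written by any poster in this thread): a Python check of what a netmask-based ACE actually matches, and the exact set of netmask entries that covers only the requested range. The function names `exact_aces` and `extra_matches` are hypothetical helpers; the ACL name and addresses are the ones from the posts above.

```python
import ipaddress


def exact_aces(acl, action, first, last):
    """Return ASA ACE lines whose sources match exactly first..last."""
    lo = ipaddress.IPv4Address(first)
    hi = ipaddress.IPv4Address(last)
    lines = []
    # summarize_address_range yields the minimal list of CIDR blocks
    # that covers the range with no extra addresses.
    for net in ipaddress.summarize_address_range(lo, hi):
        if net.prefixlen == 32:
            src = f"host {net.network_address}"
        else:
            src = f"{net.network_address} {net.netmask}"
        lines.append(f"access-list {acl} extended {action} ip {src} any")
    return lines


def extra_matches(address, netmask, first, last):
    """Addresses matched by 'address netmask' that lie outside first..last."""
    # Strict parsing raises ValueError if the address has host bits set.
    net = ipaddress.IPv4Network(f"{address}/{netmask}")
    lo = ipaddress.IPv4Address(first)
    hi = ipaddress.IPv4Address(last)
    # Iterate every address in the block, including the first and last,
    # because an ACL mask match does not exclude them.
    return [str(ip) for ip in net if not lo <= ip <= hi]


if __name__ == "__main__":
    # The single /29 entry suggested above also matches these addresses:
    print(extra_matches("10.2.1.200", "255.255.255.248",
                        "10.2.1.201", "10.2.1.206"))
    # Entries that match only 10.2.1.201-10.2.1.206:
    for line in exact_aces("acl_lib_pub", "deny", "10.2.1.201", "10.2.1.206"):
        print(line)
    print("access-list acl_lib_pub extended permit ip any any")
```

The single 255.255.255.248 entry also matches 10.2.1.200 and 10.2.1.207, which is why the reply above asks for those two hosts to be tested after the change.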
01-16-2014 10:57 AM
Hi,
Create an object network
object network obj-block
range 10.2.1.201 10.2.1.206
exit
access-list acl_lib_pub extended deny ip object obj-block any
access-list acl_lib_pub extended permit ip any any
- Prateek Verma
01-16-2014 11:14 AM
Thanks for the quick response. So, I changed the range to deny 14 IP addresses (10.2.1.240 - 10.2.1.254). The ACL statement I'll apply is
access-list acl_lib_pub extended deny ip 10.253.1.240 255.255.255.240 any
Will this do the trick?
Best, ~sK
01-18-2014 11:49 AM
That worked...
~sK