Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA 5580

I wanted to find out if It is possible to  created a network groups for dmz hosts to access inside host with no service group. I just want to allow some perticular servers to communicate to inside.

3 REPLIES
Cisco Employee

Re: ASA 5580

Sure can.

Here is how to configure network object group:

object-group network dmz-servers-group

     network-object host

     network-object host

Here is the URL for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/no.html#wp1772354

Hope that helps.

New Member

Re: ASA 5580

So that I understand this correctly. You can use this and the servers in the dmz will still communicate with the inside host with its nat address. Correct.

I using the same inside address for the nat.  I forgot to mention that also sorry. This is going to be for a virtual enviroment. Just trying to secure the group.

Cisco Employee

Re: ASA 5580

Sorry, not very clear on what you are trying to achieve after the second post.

Are you trying to configure grouping so you can configure the access-list more effectively?

What version of ASA 5580 are you running?

Can you please share the topology and what exactly you are trying to achieve. Thanks.

187
Views
0
Helpful
3
Replies
CreatePlease to create content