12-20-2013 03:26 AM - edited 03-11-2019 08:20 PM
Hello everyone
We have a small network consisting of 50+ clients and 1 server, and there is an ASA 5512-x between the server and the clients. All those 50+ clients are required to have access to the server, so instead of creating 50+ ACLs, is there an easier way to do this? (A global ACL is not an option here.)
Cheers
12-20-2013 04:15 AM
Configure an object-group with the 50 IPs and use that object-group as the source in your ACL.
object-group network CLIENTS
 network-object host 10.10.10.1
 network-object host 10.10.10.3
 network-object host 10.10.10.9
 network-object host 10.10.10.15
access-list ACL extended permit ip object-group CLIENTS host SERVER-IP
12-20-2013 05:40 AM
Thanks for your reply, Karsten. The problem is that the 50 clients are split into 4 different subnets...
12-20-2013 05:54 AM
Set the security level for both interfaces the same and enable same-security-interface.
12-20-2013 07:22 AM
Karsten is correct. As long as your 4 different subnets are ingressing on the same interface, then create your object group using the IPs that you need.
As Colin mentioned, you can use 'same-security-traffic permit inter-interface', but in my opinion, that defeats the purpose of using a firewall to begin with. (Of course there are scenarios where you may need this).
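The object-group approach from the replies above, for clients spread over several subnets, as an added example that is not code from any poster in this thread. It goes one step beyond the thread by merging runs of adjacent hosts into exact network entries; the sample inventory (apart from the four 10.10.10.x hosts quoted earlier), the server address 10.10.50.10 and the function name are constructed for illustration.

```python
import ipaddress

# Constructed inventory: clients in four subnets behind the same interface.
SAMPLE_CLIENTS = [
    "10.10.10.1", "10.10.10.3", "10.10.10.9", "10.10.10.15",
    "10.10.20.4", "10.10.20.5", "10.10.20.6", "10.10.20.7",
    "10.10.30.20",
    "10.10.40.8",
]
SAMPLE_SERVER = "10.10.50.10"  # constructed stand-in for SERVER-IP


def build_client_acl(client_ips, server_ip, group="CLIENTS", acl="ACL"):
    """Return ASA config lines: one object-group for all clients, one ACE."""
    server = ipaddress.IPv4Address(server_ip)
    # De-duplicate and validate; IPv4Address raises ValueError on bad input.
    hosts = sorted({ipaddress.IPv4Address(ip) for ip in client_ips})
    if server in hosts:
        raise ValueError("server address is listed as a client")
    # Merge adjacent hosts into the exact CIDR blocks they fill, so the
    # group never permits an address that is missing from the inventory.
    nets = ipaddress.collapse_addresses(
        ipaddress.IPv4Network(f"{h}/32") for h in hosts
    )
    lines = [f"object-group network {group}"]
    for net in nets:
        if net.prefixlen == 32:
            lines.append(f" network-object host {net.network_address}")
        else:
            lines.append(f" network-object {net.network_address} {net.netmask}")
    lines.append(
        f"access-list {acl} extended permit ip object-group {group} host {server}"
    )
    return lines


if __name__ == "__main__":
    print("\n".join(build_client_acl(SAMPLE_CLIENTS, SAMPLE_SERVER)))
```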
12-20-2013 07:25 AM
As Colin mentioned, you can use 'same-security-traffic permit inter-interface', but in my opinion, that defeats the purpose of using a firewall to begin with. (Of course there are scenarios where you may need this).
Can you explain why you think it defeats the purpose?
12-20-2013 07:28 AM
The security level is made redundant once an ACL is in place, is it?
12-20-2013 07:32 AM
Adding an ACL to an interface does not change the security level. Security levels are configured and they do not change unless you explicitly change them.