
How to create an ACL to allow multiple IP addresses to access one PC?

LionKin1984
Level 1

Hello everyone

We have a small network consisting of 50+ clients and 1 server, and there is an ASA 5512-X between the server and the clients. All those 50+ clients are required to have access to the server, so instead of creating 50+ ACLs, is there an easier way to do this? (A global ACL is not an option here.)

Cheers

7 Replies

Configure an object-group with the 50 IPs and use that object-group as the source in your ACL.

object-group network CLIENTS
  network-object host 10.10.10.1
  network-object host 10.10.10.3
  network-object host 10.10.10.9
  network-object host 10.10.10.15

access-list ACL extended permit ip object-group CLIENTS host SERVER-IP

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Thanks for your reply, Karsten. The problem is the 50 clients are split into 4 different subnets...

Set the security level for both interfaces the same and enable same-security-interface

Karsten is correct. As long as your 4 different subnets are ingressing on the same interface, then create your object group using the IPs that you need.

As Colin mentioned, you can use 'same-security-traffic permit inter-interface', but in my opinion, that defeats the purpose of using a firewall to begin with.  (Of course there are scenarios where you may need this).
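Added example, not posted by anyone in this thread: one way to lay out the object-group when the clients sit in four subnets that ingress on the same interface, as described in the replies above. The subnet ranges, group names, ACL name, the interface name `inside`, the server address 192.0.2.10 and TCP port 445 are all assumptions made for illustration.

```cisco
! Constructed addressing (assumption): client subnets 10.10.10.0/24,
! 10.10.20.0/24, 10.10.30.0/24 and 10.10.40.0/24; server at 192.0.2.10.

! One group per subnet keeps the host lists readable. An object-group may
! hold hosts from any subnet, so this split is for maintenance only.
object-group network CLIENTS-NET-10
 network-object host 10.10.10.1
 network-object host 10.10.10.3
object-group network CLIENTS-NET-20
 network-object host 10.10.20.5
 network-object host 10.10.20.7
object-group network CLIENTS-NET-30
 network-object host 10.10.30.11
! Where every address in a subnet is a client, one line covers the subnet.
object-group network CLIENTS-NET-40
 network-object 10.10.40.0 255.255.255.0

! Parent group nests the four subnet groups; the ACL references only this one.
object-group network CLIENTS
 group-object CLIENTS-NET-10
 group-object CLIENTS-NET-20
 group-object CLIENTS-NET-30
 group-object CLIENTS-NET-40

object network SERVER
 host 192.0.2.10

! A single ACE now covers all clients. "permit ip" opens every protocol and
! port on the server; where the required service is known, name it instead
! (TCP/445 here is an assumption).
access-list CLIENTS-TO-SERVER extended permit tcp object-group CLIENTS object SERVER eq 445

! Bind the ACL inbound on the client-facing interface. Once bound, traffic
! entering that interface that the ACL does not permit hits the implicit deny.
access-group CLIENTS-TO-SERVER in interface inside

! Verification: the first command lists the expanded entries with hit
! counts, the second simulates one client flow through the rule set.
! show access-list CLIENTS-TO-SERVER
! packet-tracer input inside tcp 10.10.20.5 1025 192.0.2.10 445
```

Adding or removing a client later means editing only the relevant subnet group; the access-list line itself does not change.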


As Colin mentioned, you can use 'same-security-traffic permit inter-interface', but in my opinion, that defeats the purpose of using a firewall to begin with.  (Of course there are scenarios where you may need this).

Can you explain why you think it defeats the purpose?

Security level is made redundant once an ACL is in place, is it?

Adding an ACL to an interface does not change the security level. Security levels are configured and they do not change unless you explicitly change them.
