Cisco Support Community

New Member

how to create an ACL to allow multiple IP addresses to access one PC?

Hello everyone

We have a small network consisting of 50+ clients and 1 server, and there is an ASA 5512-x between the server and the clients. All those 50+ clients are required to have access to the server, so instead of creating 50+ ACLs, is there an easier way to do this? (A global ACL is not an option here.)

Cheers

7 REPLIES
VIP Purple

Re: how to create a ACL to allow multiple IP addresses to access

Configure an object-group with the 50 IPs and use that object-group as the source in your ACL.

object-group network CLIENTS
  network-object host 10.10.10.1
  network-object host 10.10.10.3
  network-object host 10.10.10.9
  network-object host 10.10.10.15
access-list ACL extended permit ip object-group CLIENTS host SERVER-IP

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni


New Member

Re: how to create a ACL to allow multiple IP addresses to access

Thanks for your reply Karsten, the problem is the 50 clients are split into 4 different subnets...

how to create a ACL to allow multiple IP addresses to access to

Set the security level for both interfaces the same and enable same-security-interface

New Member

how to create a ACL to allow multiple IP addresses to access to

Karsten is correct. As long as your 4 different subnets are ingressing on the same interface, then create your object group using the IPs that you need.

As Colin mentioned, you can use 'same-security-traffic permit inter-interface', but in my opinion, that defeats the purpose of using a firewall to begin with.  (Of course there are scenarios where you may need this).

how to create a ACL to allow multiple IP addresses to access to


As Colin mentioned, you can use 'same-security-traffic permit inter-interface', but in my opinion, that defeats the purpose of using a firewall to begin with.  (Of course there are scenarios where you may need this).

Can you explain why you think it defeats the purpose?

New Member

how to create a ACL to allow multiple IP addresses to access to

Security level is made redundant once an ACL is in place, is it?

Re: how to create a ACL to allow multiple IP addresses to access

Adding an ACL to an interface does not change the security level. Security levels are configured and they do not change unless you explicitly change them.
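Added example, not posted by any participant in this thread: the object-group approach from the first reply extended to clients spread over four subnets, with hosts and whole subnets mixed in nested groups and the ACL bound to the ingress interface. The subnets other than 10.10.10.x, the server address 192.168.100.10, the group and object names other than CLIENTS and ACL, and the interface name `clients` are constructed assumptions.

```cisco
! Assumed server address (constructed); replaces the SERVER-IP placeholder.
object network SERVER
 host 192.168.100.10

! One child group per client subnet. Individual hosts and whole
! subnets can be mixed freely inside a network object-group.
object-group network CLIENTS-NET1
 network-object host 10.10.10.1
 network-object host 10.10.10.3
 network-object host 10.10.10.9
 network-object host 10.10.10.15
object-group network CLIENTS-NET2
 network-object host 10.10.20.7
 network-object host 10.10.20.12
object-group network CLIENTS-NET3
 network-object 10.10.30.0 255.255.255.0
object-group network CLIENTS-NET4
 network-object 10.10.40.0 255.255.255.128

! Parent group nests the four child groups, so the ACL stays one line
! no matter how many clients are added or removed later.
object-group network CLIENTS
 group-object CLIENTS-NET1
 group-object CLIENTS-NET2
 group-object CLIENTS-NET3
 group-object CLIENTS-NET4

! Same rule as in the reply above. "permit ip" allows every protocol;
! it can be narrowed to the service the server actually offers.
access-list ACL extended permit ip object-group CLIENTS object SERVER

! Bind the ACL inbound on the interface the clients arrive on
! (assumed nameif "clients"). If the subnets arrive on several
! interfaces, repeat this line once per interface.
access-group ACL in interface clients

! Verification from privileged EXEC mode:
! expanded entries and hit counts for every group member
show access-list ACL
! a listed client should be allowed
packet-tracer input clients tcp 10.10.20.7 1025 192.168.100.10 445
! an unlisted address should be dropped by the implicit deny
packet-tracer input clients tcp 10.10.10.2 1025 192.168.100.10 445
```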
