With IOS 12.4(20)T, I am able to create network or service object-groups.
I would like to create an external network object-group, meaning that it will include all outside networks and exclude all my inside private networks.
I didn't find any way to say 'all but my inside networks'.
Then I created an object-group containing all public network ranges between the private RFC 1918 classes:
range 0.0.0.1 126.96.36.199
range 188.8.131.52 184.108.40.206
range 220.127.116.11 18.104.22.168
range 22.214.171.124 126.96.36.199
range 188.8.131.52 184.108.40.206
IOS has nothing to negate a host, a subnet or a network range.
I can use an ACE deny object-group <internal networks> to exclude internal networks before a permit any any, but it will make the configuration bigger, less readable and confusing when there are a lot of ACEs to be organized.
Maybe it is a new feature suggestion to exclude some networks in object-groups rather than always include them.
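One way to derive such a range list instead of typing it by hand, as an added example that is not part of the original post: a Python sketch that computes the complement of a set of excluded networks and prints it as `range` lines. The group name `EXTERNAL-NETS` and the choice of the three RFC 1918 blocks as the inside networks are assumptions.

```python
import ipaddress

# Assumption: the inside networks to exclude are the three RFC 1918 blocks.
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def complement_ranges(excluded, first="0.0.0.0", last="255.255.255.255"):
    """Return (start, end) IPv4 pairs covering [first, last] minus `excluded`."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    # collapse_addresses merges overlapping prefixes and returns them sorted,
    # so a single left-to-right sweep finds every gap between them.
    nets = ipaddress.collapse_addresses(
        ipaddress.IPv4Network(n) for n in excluded
    )
    gaps, cursor = [], lo
    for net in nets:
        start = int(net.network_address)
        end = int(net.broadcast_address)
        if end < cursor:
            continue            # excluded block lies entirely below the window
        if start > hi:
            break               # excluded block lies entirely above the window
        if start > cursor:
            gaps.append((cursor, start - 1))
        cursor = max(cursor, end + 1)
    if cursor <= hi:
        gaps.append((cursor, hi))
    return [(str(ipaddress.IPv4Address(a)), str(ipaddress.IPv4Address(b)))
            for a, b in gaps]


def covers(ranges, address):
    """True if `address` falls inside any of the (start, end) ranges."""
    ip = ipaddress.IPv4Address(address)
    return any(ipaddress.IPv4Address(a) <= ip <= ipaddress.IPv4Address(b)
               for a, b in ranges)


def render_object_group(name, ranges):
    """Format the ranges as an IOS network object-group (name is hypothetical)."""
    lines = [f"object-group network {name}"]
    lines += [f" range {a} {b}" for a, b in ranges]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_object_group("EXTERNAL-NETS", complement_ranges(RFC1918)))
```

Adding further prefixes to the excluded list (loopback, link-local, multicast) splits or trims the output ranges accordingly, and `covers` can be used to confirm that no inside address leaked into the generated group before it is pasted into a configuration.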