Cisco Support Community
Community Member

network-object command

All, I need to restrict IP addresses 10.220.4.1 - 4.48 from getting out to the internet; for IP address 10.220.4.49, I would like access to the internet. Using the network-object 10.220.4.0 255.255.255.0 command, how can I restrict the IPs up through 48 but allow 49?

1 REPLY
Hall of Fame Super Blue

Re: network-object command

Hi

Presumably you are talking about a PIX/ASA device.

If you just need to allow .49, then just allow that host only in the access-list, i.e.

access-list outbound permit tcp host 10.220.4.49 any eq 80

etc...

However, if you would like to allow all of the 10.220.4.0/24 network other than IP addresses 1 -> 48, which I think is what you are asking:

LabProtect1(config)# object-group network test

LabProtect1(config-network)# network-object 10.220.4.0 255.255.255.224

LabProtect1(config-network)# network-object 10.220.4.32 255.255.255.240

LabProtect1(config-network)# network-object host 10.220.4.48

LabProtect1(config-network)# exit

LabProtect1(config)# access-list outbound deny ip object-group test any

LabProtect1(config)# access-list outbound permit ip 10.220.4.0 255.255.255.0 any

HTH

Jon
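
The subnet/mask entries used in an object-group like the one above come from splitting the address range into aligned CIDR blocks. As an added example (not part of the original thread), this Python sketch does that split with the standard ipaddress module and renders the result as network-object lines; the function names are illustrative.

```python
import ipaddress


def range_to_networks(first, last):
    """Smallest list of CIDR blocks covering exactly first..last (inclusive)."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))


def network_object_lines(nets):
    """Render CIDR blocks as ASA object-group network entries."""
    lines = []
    for net in nets:
        if net.prefixlen == 32:
            # A single address is written with the 'host' keyword.
            lines.append(f"network-object host {net.network_address}")
        else:
            lines.append(f"network-object {net.network_address} {net.netmask}")
    return lines


def is_covered(ip, nets):
    """True if ip falls inside any block, i.e. would match the deny entry."""
    addr = ipaddress.IPv4Address(ip)
    return any(addr in net for net in nets)


# Exact range from the question: .1 through .48 needs seven blocks.
EXACT = range_to_networks("10.220.4.1", "10.220.4.48")

# Starting at .0 (the /24 network address, not a host) aligns the range
# and collapses it to three entries: a /27, a /28 and one host.
COMPACT = range_to_networks("10.220.4.0", "10.220.4.48")

if __name__ == "__main__":
    print("object-group network test")
    for line in network_object_lines(COMPACT):
        print(" " + line)
    # Check the boundary hosts before applying the ACL.
    for ip in ("10.220.4.1", "10.220.4.47", "10.220.4.48", "10.220.4.49"):
        print(ip, "denied" if is_covered(ip, COMPACT) else "permitted")
```

Checking the boundary addresses (.47, .48, .49) against the generated blocks before applying the ACL catches off-by-one gaps in the mask arithmetic.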
