
access-list help

Hi

I'm looking to use the following object-groups and access-list. Could someone please verify that my config is OK?

Here's the config:

object-group network dmz2_web_servers
 description Trusted Windows WebServers
 network-object host xxx.xxx.xxx.74
 network-object host xxx.xxx.xxx.75
 network-object host xxx.xxx.xxx.76
 network-object host xxx.xxx.xxx.77
 exit

object-group network dmz2_sql_servers
 description Trusted SQL Servers
 ! Trusted Windows SQL Servers
 network-object host xxx.xxx.xxx.78
 exit

object-group network TrustedHosts
 group-object dmz2_web_servers
 group-object dmz2_sql_servers

Trusted Services:

object-group service Internal_VNC tcp
 description VNC server ports
 port-object eq 5900
 port-object eq 5800

object-group service External_Web tcp
 description Web server ports permitted from internet
 port-object eq 80
 port-object eq 443

object-group service Internal_dns_ntp udp
 description DNS and NTP
 port-object eq domain
 port-object eq ntp

object-group service Internal_mssqlserver tcp
 description : list of TCP ports that the MSSQLSERVER service requires
 port-object eq 1433

object-group service ms_mssqlserver_udp udp
 description : list of UDP ports that the MSSQLSERVER service requires
 port-object eq 1434

access-list ex_web remark Web Servers accept http and https connections from Internet.
access-list ex_web permit tcp any object-group dmz2_web_servers object-group External_Web

Thanks in advance for any help

Dan

2 REPLIES

Re: access-list help

Looks ok to me.

Re: access-list help

OK to me too!!!

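One way to carry out the verification asked for in this thread, as an added example that is not part of the original posts and not a Cisco tool: a short Python script that expands the posted ex_web entry into the host/port pairs it permits and lists the object-groups that no access-list entry reaches. The function names parse, expand and audit are hypothetical, and the parser assumes only the command forms that appear in the post.

```python
CONFIG = """object-group network dmz2_web_servers
 network-object host xxx.xxx.xxx.74
 network-object host xxx.xxx.xxx.75
 network-object host xxx.xxx.xxx.76
 network-object host xxx.xxx.xxx.77
object-group network dmz2_sql_servers
 network-object host xxx.xxx.xxx.78
object-group network TrustedHosts
 group-object dmz2_web_servers
 group-object dmz2_sql_servers
object-group service Internal_VNC tcp
 port-object eq 5900
 port-object eq 5800
object-group service External_Web tcp
 port-object eq 80
 port-object eq 443
object-group service Internal_dns_ntp udp
 port-object eq domain
 port-object eq ntp
object-group service Internal_mssqlserver tcp
 port-object eq 1433
object-group service ms_mssqlserver_udp udp
 port-object eq 1434
access-list ex_web permit tcp any object-group dmz2_web_servers object-group External_Web"""  # as posted, descriptions dropped

def parse(config):  # -> ({group: members}, [ACE token lists]); nested groups kept as '@name'
    groups, aces, cur = {}, [], None
    for w in (l.split() for l in config.splitlines() if l.strip()):
        if w[0] == "object-group":
            cur = groups.setdefault(w[2], [])
        elif w[0] in ("network-object", "port-object", "group-object"):
            cur.append("@" + w[1] if w[0] == "group-object" else w[-1])
        elif w[0] == "access-list" and w[2] != "remark":
            aces.append(w)
    return groups, aces

def expand(name, groups, used):
    """Flatten a group to leaf values, following group-object nesting; record visited groups."""
    used.add(name)
    return [x for m in groups[name] for x in (expand(m[1:], groups, used) if m[0] == "@" else [m])]

def audit(config):
    """Return the (host, port) pairs the ACEs permit and the groups no ACE reaches."""
    groups, aces = parse(config)
    used, flows = set(), []
    for w in aces:  # assumes the post's ACE shape: destination group, then port group
        dst, ports = [expand(w[i + 1], groups, used) for i, t in enumerate(w) if t == "object-group"]
        flows += [(h, p) for h in dst for p in ports]
    return flows, sorted(set(groups) - used)
```

On the posted config, audit(CONFIG) returns eight host/port pairs (the four web servers on ports 80 and 443) and reports six groups, including TrustedHosts and dmz2_sql_servers, as not yet used by any access-list entry.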