Cisco Support Community
New Member

Specify a range of ip addresses in an ACE on Cisco ASA

Hi

Is there any way you can easily specify a range of IP addresses from a subnet in an access-list on an ASA? I want to apply specific rules to DHCP clients but I don't want the rule to apply to the rest of the subnet.

Something like this:

Access-list Outgoing permit tcp 10.10.10.100-10.10.10.200 eq 80

I know you could do it with object-groups, but then you'll end up with quite a messy config with a hundred lines of IP addresses in different object-groups. So if someone out there knows of a better solution, it would be great.

Regards

Torbjörn Hedström

Sweden

2 REPLIES
New Member

Re: Specify a range of ip addresses in an ACE on Cisco ASA

I don't think you can put it like that...

one possibility would be making it

access-list Outgoing permit tcp 10.10.10.128 255.255.255.128 eq 80

But you will need to change your DHCP subnet to be 10.10.10.128/25

Sorry if I'm not making sense, I've been using ASA for about a week now :)

New Member

Re: Specify a range of ip addresses in an ACE on Cisco ASA

Thanks for the reply,

You make perfect sense, but I'm not so keen on that solution either; in that case the object-group approach will have to do, as going the subnetting route would break the whole IP plan.

The reason the problem arises is that I'm replacing an old Linux-based firewall, where you could specify that kind of range, with a Cisco ASA 5510.

I've configured a number of PIXes before, but I was hoping the new software in the ASA would permit me to specify this kind of range of IP addresses.
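Added example, not part of any post in this thread: one way to keep the object-group approach short is to collapse the range into the fewest subnet blocks that cover it exactly, so nothing outside 10.10.10.100-10.10.10.200 is permitted. The group name `DHCP_CLIENTS` and the `any` destination in the ACL line are assumptions made for illustration.

```python
import ipaddress


def range_to_networks(first, last):
    """Return the smallest list of CIDR blocks covering first..last exactly."""
    start = ipaddress.IPv4Address(first)
    end = ipaddress.IPv4Address(last)
    if start > end:
        raise ValueError("range start is above range end")
    return list(ipaddress.summarize_address_range(start, end))


def covers_exactly(networks, first, last):
    """Check that the blocks stay inside the range and leave no gaps."""
    start = ipaddress.IPv4Address(first)
    end = ipaddress.IPv4Address(last)
    inside = all(start <= n.network_address and n.broadcast_address <= end
                 for n in networks)
    total = sum(n.num_addresses for n in networks)
    return inside and total == int(end) - int(start) + 1


def asa_object_group(name, first, last):
    """Render the range as ASA object-group configuration lines."""
    networks = range_to_networks(first, last)
    if not covers_exactly(networks, first, last):
        raise RuntimeError("summarised blocks do not match the range")
    lines = [f"object-group network {name}"]
    for net in networks:
        if net.prefixlen == 32:
            # A single address is written as a host entry.
            lines.append(f" network-object host {net.network_address}")
        else:
            lines.append(f" network-object {net.network_address} {net.netmask}")
    return lines


if __name__ == "__main__":
    # DHCP_CLIENTS is a hypothetical group name; the range is the one
    # from the question.
    for line in asa_object_group("DHCP_CLIENTS", "10.10.10.100", "10.10.10.200"):
        print(line)
    # Destination "any" is an assumption; the ACL in the thread omits it.
    print("access-list Outgoing extended permit tcp "
          "object-group DHCP_CLIENTS any eq 80")
```

For the range in the question this yields six `network-object` entries rather than one line per address.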
