
Cisco Pix Access list Question

I would like to create an access list that has access to certain services. My question is the following:

Is there a way to create a group of IPs (not a range) and then only have to write one access-list command? This way I could simply add IPs to the group when I want to grant them access.

Thanks
Asked: inf2300
nodisco Commented:
Yes - you can use the object-group command

For example - if you want to allow www access in to several web servers on non-sequential IP addresses:

conf t
object-group network wwwservers
network-object host 200.200.200.145
network-object host 200.200.200.147
network-object host 200.200.200.149
network-object host 200.200.200.155
network-object host 200.200.200.176
network-object host 200.200.200.143

access-list fromoutside permit tcp any object-group wwwservers eq www

You can now add hosts to the object group as needed and they will be applied.

hope this helps
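
Because every host added to the group is picked up by the one access-list line, it helps to review what that line expands to before a change goes in. The script below is an added example, not part of the answer above: it expands object-group references in a saved config into the individual entries they create and reports references to groups that are not defined. The sample config (including the 200.200.201.0 network, the smtp host and the dbservers group) is constructed, and the script assumes one network object-group reference per access-list line and no nested group-object entries.

```python
import re

# Constructed sample config, modelled on the answer above.
SAMPLE_CONFIG = """\
object-group network wwwservers
 network-object host 200.200.200.145
 network-object host 200.200.200.147
 network-object 200.200.201.0 255.255.255.0
access-list fromoutside permit tcp any object-group wwwservers eq www
access-list fromoutside permit tcp any host 200.200.200.10 eq smtp
access-list fromoutside permit tcp any object-group dbservers eq 1433
"""

def parse_groups(config):
    """Return {group_name: [address spec, ...]} for network object-groups."""
    groups, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"object-group network (\S+)$", line)
        if m:
            current = groups.setdefault(m.group(1), [])
        elif line.startswith("network-object ") and current is not None:
            current.append(line[len("network-object "):])
        elif line and not line.startswith("description "):
            current = None  # any other command leaves object-group sub-mode
    return groups

def expand_acl(config):
    """Expand access-list lines into the entries they effectively create.

    Returns (expanded_lines, undefined_group_names).
    """
    groups = parse_groups(config)
    expanded, undefined = [], []
    for raw in config.splitlines():
        line = raw.strip()
        if not line.startswith("access-list "):
            continue
        m = re.search(r"object-group (\S+)", line)
        if not m:
            expanded.append(line)            # already a single entry
        elif m.group(1) not in groups:
            undefined.append(m.group(1))     # reference to a missing group
        else:
            for member in groups[m.group(1)]:
                expanded.append(line.replace(m.group(0), member, 1))
    return expanded, undefined

if __name__ == "__main__":
    lines, missing = expand_acl(SAMPLE_CONFIG)
    print("\n".join(lines))
    print("undefined groups:", missing)
```

Comparing the expanded output before and after adding a host to the group shows exactly which new permit entries the change introduces.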
