Limiting Policy Map to source-address

flosoftbiz
Level 1

Hi all,

I'm desperately trying to get the ACE to limit access to a certain policy based on a list of source address hosts.

So far I've gotten this configuration:

! ALLOWED-IP is defined here but not yet referenced by any class map or access list
object-group network ALLOWED-IP
  description IPs allowed to access HTTPS
  host 94.247.XXX.XXX
  host 178.132.XXX.XXX
  host 86.26.XXX.XXX
  host 5.135.XXX.XXX
access-list ANY line 8 extended permit icmp any any
access-list ANY line 16 extended permit ip any any
ssl-proxy service proxy-1
! Layer 3/4 class: the public VIP on TCP/80
class-map match-all L4-WEB-IP
  2 match virtual-address 5.39.XXX.XXX tcp eq www
! Management classes: SSH to the ACE itself, one restricted to a single source host
class-map type management match-all PUBLIC_REMOTE
  2 match protocol ssh source-address 5.135.XXX.XXX 255.255.255.255
class-map type management match-all REMOTE_ACCESS
  2 match protocol ssh any
policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
  class REMOTE_ACCESS
    permit
policy-map type management first-match REMOTE_PUBLIC_MGMT
  class PUBLIC_REMOTE
    permit
! Layer 7 policy: class-default sends every client to the farm, regardless of source
policy-map type loadbalance http first-match WEB_L7_POLICY
  class class-default
    serverfarm FARM_WEB
    insert-http x-forward header-value "%is"
policy-map multi-match WEB-to-vIPs
  class L4-WEB-IP
    loadbalance vip inservice
    loadbalance policy WEB_L7_POLICY
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 3014
    appl-parameter http advanced-options HTTP_PARAMETER_MAP
interface vlan 1229
  ip address 5.39.XXX.XXX 255.255.255.240
  alias 5.39.XXX.XXX 255.255.255.240
  peer ip address 5.39.XXX.XXX 255.255.255.240
  access-group input ANY
  service-policy input REMOTE_PUBLIC_MGMT
  service-policy input WEB-to-vIPs
  no shutdown

Does anyone have any suggestions?


Kanwaljeet Singh
Cisco Employee

Hi Florian,

Please try this configuration and see if it meets your requirement.

! match-any: a request has a single source address, so the entries are ORed
class-map match-any Source
  2 match source-address 94.247.XXX.XXX 255.255.255.255
  3 match source-address 178.132.XXX.XXX 255.255.255.255
  4 match source-address 86.26.XXX.XXX 255.255.255.255
  5 match source-address 5.135.XXX.XXX 255.255.255.255
class-map match-all L4-WEB-IP
  2 match virtual-address 5.39.XXX.XXX tcp eq www
! Layer 7 policy: class-default replaced by Source, so only the listed
! source hosts are assigned FARM_WEB; everything else matches no class
policy-map type loadbalance http first-match WEB_L7_POLICY
  class Source
    serverfarm FARM_WEB
    ! "%is" inserts the client source IP for the real servers, which
    ! otherwise only see the NAT address from "nat dynamic 1 vlan 3014"
    insert-http x-forward header-value "%is"
policy-map multi-match WEB-to-vIPs
  class L4-WEB-IP
    loadbalance vip inservice
    loadbalance policy WEB_L7_POLICY
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 3014
    appl-parameter http advanced-options HTTP_PARAMETER_MAP
interface vlan 1229
  ip address 5.39.XXX.XXX 255.255.255.240
  alias 5.39.XXX.XXX 255.255.255.240
  peer ip address 5.39.XXX.XXX 255.255.255.240
  access-group input ANY
  service-policy input REMOTE_PUBLIC_MGMT
  service-policy input WEB-to-vIPs
  no shutdown

Let me know how it goes.

Regards,

Kanwal
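The allow list in the reply stands or falls on the match semantics of the class map: `match-any` ORs the `match source-address` entries, while `match-all` would require one packet to carry every listed source at once and so match nothing. Below is an added example, not code from the thread or from Cisco, that parses a class-map block in the shape of the one above and evaluates candidate client addresses against it before the policy goes live. The class-map text and the client IPs are constructed (the thread's addresses are redacted, so RFC 5737 documentation ranges stand in), and it assumes the ACE entry takes a dotted netmask, as written in the reply.

```python
import ipaddress
import re

# Constructed sample in the shape of the class map from the reply above. The
# thread's addresses are redacted (XXX), so RFC 5737 documentation ranges are
# used instead; the fourth entry is a whole /24 to show a non-host mask.
CLASS_MAP = """\
class-map match-any Source
  2 match source-address 198.51.100.10 255.255.255.255
  3 match source-address 198.51.100.11 255.255.255.255
  4 match source-address 203.0.113.0 255.255.255.0
"""

# "<seq> match source-address <address> <netmask>", as the ACE CLI prints it
MATCH_RE = re.compile(r"^\s*\d+\s+match\s+source-address\s+(\S+)\s+(\S+)\s*$")


def parse_class_map(text):
    """Return (name, match_any, networks) for a single class-map block.

    match_any is True for "match-any" and False for "match-all"; networks is
    a list of IPv4Network objects built from each address/netmask pair.
    """
    name, match_any, networks = None, None, []
    for line in text.splitlines():
        tokens = line.split()
        if tokens[:1] == ["class-map"]:
            # Header is "class-map [type ...] match-any|match-all NAME"
            for i, tok in enumerate(tokens):
                if tok in ("match-any", "match-all"):
                    match_any = tok == "match-any"
                    name = tokens[i + 1]
                    break
            continue
        m = MATCH_RE.match(line)
        if m:
            addr, mask = m.groups()
            # strict=False tolerates host bits set under a non-/32 mask
            networks.append(ipaddress.IPv4Network(f"{addr}/{mask}", strict=False))
    if name is None or match_any is None:
        raise ValueError("no class-map header with match-any/match-all found")
    return name, match_any, networks


def source_permitted(networks, match_any, client_ip):
    """Apply the class map's match semantics to one client source address."""
    ip = ipaddress.IPv4Address(client_ip)
    hits = [ip in net for net in networks]
    # A packet has exactly one source address, so match-all across several
    # distinct host entries can never be satisfied; an allow list needs match-any.
    return any(hits) if match_any else all(hits)


def evaluate(text, client_ips):
    """Map each candidate client IP to whether the class map would match it."""
    _, match_any, networks = parse_class_map(text)
    return {ip: source_permitted(networks, match_any, ip) for ip in client_ips}


if __name__ == "__main__":
    candidates = ["198.51.100.10", "198.51.100.12", "203.0.113.77", "192.0.2.5"]
    for ip, ok in evaluate(CLASS_MAP, candidates).items():
        verdict = "load balanced" if ok else "no class match, not sent to FARM_WEB"
        print(f"{ip:>15}  {verdict}")
```

Running it against the real class map (with the redacted hosts filled in) before activating the policy shows exactly which clients keep access; flipping the header to `match-all` shows every candidate failing, which is the misconfiguration the reply's `match-any` avoids.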