04-26-2019 11:20 AM
Good day
I have an ASA 5520 and currently I have the following setup:
access-list OUTSIDE-INBOUND line 15 extended permit tcp any host 10.0.0.22 eq www
access-list OUTSIDE-INBOUND line 16 extended permit tcp any host 10.0.0.22 eq https
access-list OUTSIDE-INBOUND line 17 extended permit tcp any host 10.0.0.25 eq www
access-list OUTSIDE-INBOUND line 18 extended permit tcp any host 10.0.0.25 eq https
access-list OUTSIDE-INBOUND line 19 extended permit tcp any host 10.0.0.25 eq 8080
access-list OUTSIDE-INBOUND line 20 extended permit tcp any host 10.0.0.27 eq www
access-list OUTSIDE-INBOUND line 21 extended permit tcp any host 10.0.0.27 eq https
access-list OUTSIDE-INBOUND line 22 extended permit tcp any host 10.0.0.27 eq 8080
access-list OUTSIDE-INBOUND line 23 extended permit tcp any host 10.0.0 eq 8082
I was thinking I can create an object group for the IPs, but how would I, for lack of a better word, map the ports to them?
object-group web servers
network-object host 10.0.0.22
network-object host 10.0.0.25
network-object host 10.0.0.27
access-list OUTSIDE-INBOUND line 23 extended permit tcp any object-group web servers ????
This is where I am stuck, can I just do eq www, https, 8080, 8082??
04-26-2019 12:35 PM
Like the object group for the servers, you could also create a service group for the services and reference it that way.
object-group service <NAME> tcp
port-object eq 8080
port-object eq 8082
port-object eq http
port-object eq https
access-list OUTSIDE-INBOUND line 23 extended permit tcp any object-group web servers object-group <NAME>
04-26-2019 01:34 PM
Thank you Ben, that actually never crossed my mind. I will try it out, thank you sir!!
04-29-2019 05:56 AM
Thank you sir, I put this in over the weekend just like you specified and it worked!!
YEAH!!!! So far no issues. I see the hit count increment, so it looks like it works.
Thank you Ben for the help!!!!