ASA group containing Internet addressing only

Couldn't find this anywhere, so I made it myself. It's a group that excludes all RFC1918 addressing and contains all other IPv4 addresses. It includes RFC3330 but I don't think that will concern most people.

object-group network INTERNET
network-object 0.0.0.0 248.0.0.0
network-object 8.0.0.0 254.0.0.0
network-object 11.0.0.0 255.0.0.0
network-object 12.0.0.0 252.0.0.0
network-object 16.0.0.0 240.0.0.0
network-object 32.0.0.0 224.0.0.0
network-object 64.0.0.0 192.0.0.0
network-object 128.0.0.0 224.0.0.0
network-object 160.0.0.0 248.0.0.0
network-object 168.0.0.0 252.0.0.0
network-object 172.0.0.0 255.240.0.0
network-object 172.32.0.0 255.224.0.0
network-object 172.64.0.0 255.192.0.0
network-object 172.128.0.0 255.128.0.0
network-object 173.0.0.0 255.0.0.0
network-object 174.0.0.0 254.0.0.0
network-object 176.0.0.0 240.0.0.0
network-object 192.0.0.0 255.128.0.0
network-object 192.128.0.0 255.224.0.0
network-object 192.160.0.0 255.248.0.0
network-object 192.169.0.0 255.255.0.0
network-object 192.170.0.0 255.254.0.0
network-object 192.172.0.0 255.252.0.0
network-object 192.176.0.0 255.240.0.0
network-object 192.192.0.0 255.192.0.0
network-object 193.0.0.0 255.0.0.0
network-object 194.0.0.0 254.0.0.0
network-object 196.0.0.0 252.0.0.0
network-object 200.0.0.0 248.0.0.0
network-object 208.0.0.0 240.0.0.0
network-object 224.0.0.0 224.0.0.0

Re: ASA group containing Internet addressing only

Depends on the requirement. If you are looking to allow only the public IP address range, then use only those addresses to allow.

The rest will be denied automatically, or vice versa.

Another way: I did an import, made a script of all the IP ranges for the public range.

BB
*** Rate All Helpful Responses ***
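
Added example, not code from either poster or from Cisco: a Python script that derives the "everything except RFC1918" group with the standard `ipaddress` module and audits hand-typed `network-object` lines for address/mask mismatches, duplicates and overlap with the private ranges. The function names and the sample lines are assumptions made for this illustration.

```python
import ipaddress

# RFC 1918 private ranges to carve out of 0.0.0.0/0.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def complement(excluded):
    """Minimal sorted list of networks covering 0.0.0.0/0 minus `excluded`."""
    remaining = [ipaddress.ip_network("0.0.0.0/0")]
    for ex in excluded:
        kept = []
        for net in remaining:
            if ex.subnet_of(net):        # ex sits inside net: split around it
                kept.extend(net.address_exclude(ex))
            elif not net.subnet_of(ex):  # disjoint: keep; fully covered: drop
                kept.append(net)
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))

def asa_object_group(name, networks):
    """Render networks as ASA object-group configuration text."""
    body = [f" network-object {n.network_address} {n.netmask}" for n in networks]
    return "\n".join([f"object-group network {name}"] + body)

def audit(lines, excluded):
    """Check pasted 'network-object ADDR MASK' lines; return found problems."""
    problems, seen = [], set()
    for line in lines:
        _, addr, mask = line.split()
        try:  # strict parsing rejects an address with bits outside its mask
            net = ipaddress.ip_network(f"{addr}/{mask}")
        except ValueError:
            problems.append(f"{addr} {mask}: address/mask mismatch")
            continue
        if net in seen:
            problems.append(f"{addr} {mask}: duplicate entry")
        seen.add(net)
        problems += [f"{addr} {mask}: overlaps {ex}"
                     for ex in excluded if net.overlaps(ex)]
    return problems

# Constructed sample lines showing three kinds of mistakes.
SAMPLE = ["network-object 174.0.0.0 254.0.0.0",
          "network-object 174.0.0.0 254.0.0.0",
          "network-object 192.169.0.0 255.0.0.0",
          "network-object 192.0.0.0 255.0.0.0"]

if __name__ == "__main__":
    print(asa_object_group("INTERNET", complement(RFC1918)))
    print("\n".join(audit(SAMPLE, RFC1918)))
```

The generated group has 31 entries; running `audit` over any manually maintained copy before pasting it into the ASA catches a mask typo that would otherwise pull a private range back into the group.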