ASA can I define a range of IP addresses?

goldnetps · ‎07-28-2009

Can I define a range of IPs in an access list?

I know it was not possible in the old versions, I could only define something that could fit in a network/mask pair.

Like, 192.168.40.0 255.255.255.0

But what if I want to define from 192.168.40.23 to 192.168.40.80?

Thanks.

Collin Clark · ‎07-28-2009

You can VLSM at the proper boundaries

192.168.40.96 255.255.255.224 which would include hosts .97-.126. If the hosts don't fit in a neat VLSM, you can create an object group and enter them in there. Let's say you want .97-.100.

object-group network CERTAIN_HOSTS

network-object host 192.168.40.97

network-object host 192.168.40.98

network-object host 192.168.40.99

network-object host 192.168.40.100

You can also add VLSM networks in the object group above.

Hope that helps.