
Network Object Group Public IP addresses

martinbuffleo
Level 1

Has anyone come up with a neat way of creating a Network Group of public IP addresses?

I have branch offices that currently have the rule

Allow from: Inside to:any service:http

To allow users to browse the web.

But this gives them access to some of the web interfaces that I use to configure devices on the LAN.

What I would like is:

Allow from: Inside to:public IPs service:http

I have thought about

Deny from: Inside to:172.16.0.0/16 192.168.0.0/16 service:http

Allow from: Inside to:any service:http

But that means two rules for each service that has this requirement.

Also tried creating a public group including 0.0.0.0 through 9.255.255.255, but the ASA ASDM bins the command because it includes too many hosts.

Does anyone have a better way?

2 Replies

Collin Clark
VIP Alumni

But this gives them access to some of the web interfaces that I use to configure devices on the LAN.

You could restrict access to your other management device on those devices instead of on the ASA. That is a more secure solution.

The web interfaces are password protected and the ASA and switches have access limited to management IP addresses.

I'm just looking at the whole defence in depth.
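An added example, not part of the original thread: instead of listing address ranges host by host, the complement of the internal ranges can be written as a short list of CIDR blocks and emitted as `network-object` lines. The group name `NON-INTERNAL` and the helper names are assumptions; the internal ranges are the two quoted in the question.

```python
import ipaddress

# Internal ranges quoted in the original post; pass your own list if it differs.
INTERNAL = ["172.16.0.0/16", "192.168.0.0/16"]


def complement(excluded, universe="0.0.0.0/0"):
    """Return the CIDR blocks of `universe` that are not covered by `excluded`."""
    remaining = [ipaddress.ip_network(universe)]
    for cidr in excluded:
        cut = ipaddress.ip_network(cidr)
        next_round = []
        for net in remaining:
            if cut.subnet_of(net):
                # Split this block around the excluded range.
                next_round.extend(net.address_exclude(cut))
            elif net.subnet_of(cut):
                continue  # block lies wholly inside the excluded range
            else:
                next_round.append(net)
        remaining = next_round
    return sorted(ipaddress.collapse_addresses(remaining))


def asa_object_group(name, networks):
    """Render networks as an ASA object-group (address plus netmask form)."""
    lines = [f"object-group network {name}"]
    lines += [f" network-object {n.network_address} {n.netmask}" for n in networks]
    return "\n".join(lines)


if __name__ == "__main__":
    # NON-INTERNAL is a hypothetical group name chosen for this example.
    print(asa_object_group("NON-INTERNAL", complement(INTERNAL)))
```

The result covers everything outside the listed ranges, so any other internal or reserved space in use has to be added to `INTERNAL` before the group is referenced in an allow rule.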
