05-24-2006 06:35 AM - edited 02-21-2020 12:55 AM
Hi
Is there any way you can easily specify a range of IP addresses from a subnet in an access-list on an ASA? I want to apply specific rules to DHCP clients, but I don't want the rule to apply to the rest of the subnet.
Something like this:
Access-list Outgoing permit tcp 10.10.10.100-10.10.10.200 eq 80
I know you could do it with object-groups, but then you'll end up with quite a messy config with a hundred lines of IP addresses in different object-groups. So if someone out there knows of a better solution, it would be great.
Regards
Torbjörn Hedström
Sweden
05-24-2006 09:39 AM
I don't think you can put it like that...
One possibility would be making it
access-list Outgoing permit tcp 10.10.10.128 255.255.255.128 any eq 80
But you will need to change your DHCP subnet to be 10.10.10.128/25.
Sorry if I'm not making sense, I've been using ASA for about a week now :)
05-25-2006 04:12 AM
Thanks for the reply,
You make perfect sense, but I'm not so keen on that solution either; in that case the object-group approach will have to do, as going the subnetting route would break the whole IP plan.
The reason the problem arises is that I'm replacing an old Linux-based firewall, where you could specify that kind of range, with a Cisco ASA 5510.
I've configured a number of PIXes before, but I was hoping the new software in the ASA would permit me to specify this kind of range of IP addresses.
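An added example, not part of any post in this thread: the object-group approach does not need one line per address, because the range 10.10.10.100 to 10.10.10.200 from the question collapses into a few exact CIDR blocks. The group name DHCP_CLIENTS and the destination "any" are assumptions; the ACL name Outgoing and port 80 come from the question.

```python
import ipaddress


def range_to_networks(first, last):
    """Return the smallest list of CIDR blocks covering first..last exactly."""
    start = ipaddress.IPv4Address(first)
    end = ipaddress.IPv4Address(last)
    if start > end:
        raise ValueError("first address must not be above last address")
    return list(ipaddress.summarize_address_range(start, end))


def asa_object_group(name, first, last):
    """Render the range as ASA object-group lines (name is a hypothetical label)."""
    lines = [f"object-group network {name}"]
    for net in range_to_networks(first, last):
        if net.prefixlen == 32:
            # A single address is written with the 'host' keyword.
            lines.append(f" network-object host {net.network_address}")
        else:
            # ASA ACLs take a subnet mask, not a wildcard mask.
            lines.append(f" network-object {net.network_address} {net.netmask}")
    return lines


def asa_acl(acl_name, group_name, port):
    """ACL entry using the group as source; destination 'any' is an assumption."""
    return (f"access-list {acl_name} extended permit tcp "
            f"object-group {group_name} any eq {port}")


def covered_addresses(first, last):
    """Count addresses the blocks permit, to confirm nothing extra is allowed."""
    return sum(net.num_addresses for net in range_to_networks(first, last))


if __name__ == "__main__":
    for line in asa_object_group("DHCP_CLIENTS", "10.10.10.100", "10.10.10.200"):
        print(line)
    print(asa_acl("Outgoing", "DHCP_CLIENTS", 80))
    print("addresses covered:", covered_addresses("10.10.10.100", "10.10.10.200"))
```

The blocks cover exactly the 101 addresses in the range, so the rule does not widen to the rest of the subnet.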