Object Group Help

eelliston
Level 1

I have 3 full class C address spaces that I need to define in an access list. Most of them will have WWW, SSL, FTP ...

Is there a way I can either use the object group or define a range of addresses?

for instance:

I want WWW,80,SSL,FTP on the addresses 216.82.64.61 - 216.82.65.99

How can I do this without typing everything in?

Thanks!


scoclayton
Level 7

I am pretty sure this will do the trick. Hopefully, my subnetting skills are still sharp. You may want to make sure that the network and broadcast addresses from the subnets I put below get added to the access-list. If they do not, you may need to add specific "network-object host" statements for 216.82.64.64, 216.82.64.127, 216.82.64.128, etc...

object-group network servers
  network-object host 216.82.64.61
  network-object host 216.82.64.62
  network-object host 216.82.64.63
  network-object 216.82.64.64 255.255.255.192
  network-object 216.82.64.128 255.255.255.128
  network-object 216.82.65.0 255.255.255.192
  network-object 216.82.65.64 255.255.255.224
  network-object host 216.82.65.96
  network-object host 216.82.65.97
  network-object host 216.82.65.98
  network-object host 216.82.65.99

access-list 101 permit tcp any object-group servers eq 80
access-list 101 permit tcp any object-group servers eq 443
access-list 101 permit tcp any object-group servers eq 21

Hope this helps.

Scott
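An added example (not part of the original posts): a Python sketch that derives the network-object lines for an inclusive address range and audits a hand-written group against that range, so the ACL neither misses nor over-permits addresses. The function names range_to_network_objects and audit are hypothetical; the range is the one from the question.

```python
import ipaddress

# Hypothetical helpers for illustration; not Cisco tooling.

def range_to_network_objects(first, last, host_min_prefix=30):
    """Cover first..last (inclusive) exactly with network-object lines.

    Blocks of /30 or longer are written as individual host entries, so the
    result does not depend on how very small subnets are matched.
    """
    blocks = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    lines = []
    for net in blocks:
        if net.prefixlen >= host_min_prefix:
            # Iterating a network yields every address, including the
            # network and broadcast addresses.
            lines += [f"network-object host {a}" for a in net]
        else:
            lines.append(f"network-object {net.network_address} {net.netmask}")
    return lines

def audit(lines, first, last):
    """Return (missing, extra) address lists for lines vs. the intended range."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    want = set(range(lo, hi + 1))
    have = set()
    for line in lines:
        parts = line.split()
        if parts[1] == "host":
            net = ipaddress.ip_network(parts[2])              # single /32
        else:
            net = ipaddress.ip_network(f"{parts[1]}/{parts[2]}")
        have.update(range(int(net.network_address),
                          int(net.broadcast_address) + 1))
    as_text = lambda s: [str(ipaddress.IPv4Address(n)) for n in sorted(s)]
    return as_text(want - have), as_text(have - want)

if __name__ == "__main__":
    objs = range_to_network_objects("216.82.64.61", "216.82.65.99")
    print("object-group network servers")
    for line in objs:
        print("  " + line)
    missing, extra = audit(objs, "216.82.64.61", "216.82.65.99")
    print(f"missing={len(missing)} extra={len(extra)}")
```

Any address reported as extra is one the access-list would permit outside the intended range, for example after a mask is typed one bit too short.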

I love this place =)

Is there a way I can use the same method when setting up one to one NAT?

Every address is going to be associated with a private IP. Everything except the first 2 octets will be the same, i.e. 216.82.65.64 = 192.168.65.64

I have it already made, but the static statements are HUGE. Is there a way I can clean it up?

Thanks again! Big help...

No problem. And yes, we can also handle your other request. Just add the following configuration (assuming inside/outside interface but this can change as needed):

static (inside,outside) 216.82.0.0 192.168.0.0 255.255.0.0

With this command in place, the PIX will replace the "192.168" with "216.82" on any packets traversing the interfaces in question. The last 2 octets will be unchanged.

Is this what you were looking for?

Scott