A while back I had created an object-group to block outgoing access to a set of IPs:
object-group network Tecent
 network-object 61.144.238.145 255.255.255.255
 network-object 61.144.238.146 255.255.255.255
 network-object 202.104.129.251 255.255.255.255
 network-object 202.104.129.254 255.255.255.255
 network-object 61.141.194.203 255.255.255.255
 network-object 202.104.129.252 255.255.255.255
 network-object 202.104.129.253 255.255.255.255
 network-object 218.17.217.106 255.255.255.255
 network-object 219.133.40.95 255.255.255.255
 network-object 219.133.40.97 255.255.255.255
 network-object 219.133.40.157 255.255.255.255
 network-object 219.133.40.177 255.255.255.255
 network-object 219.133.40.73 255.255.255.255
 network-object 219.133.40.189 255.255.255.255
 network-object 218.18.95.153 255.255.255.255
 network-object 218.17.209.23 255.255.255.255
 network-object 218.17.209.42 255.255.255.255
 network-object 219.133.49.6 255.255.255.255
 network-object 218.18.95.165 255.255.255.255
 network-object 219.133.38.132 255.255.255.255
Now I am getting ready to add my access-list and wanted to see if this might be the best possible way. Here is my intended syntax:
access-list outside_access line 3 deny tcp any any Tecent
access-list outside_access line 3 deny udp any any Tecent
Basically I am looking to block that entire group of IPs from being accessed by my internal hosts...
It looks good to me, but anyone care to comment?
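Added example, not part of the original post: in PIX/ASA-style syntax a network object-group is referenced in an ACL entry with the `object-group` keyword, and the entry only filters traffic from internal hosts if the list is bound to the interface that traffic enters. The platform, the ACL name `inside_access_in` and the interface name `inside` are assumptions; `Tecent` is the group defined in the post.

```cisco
! Assumed names: ACL inside_access_in, interface nameif "inside".
! The group goes in the destination position, introduced by the
! object-group keyword; "ip" covers TCP and UDP in a single entry.
access-list inside_access_in line 3 deny ip any object-group Tecent
!
! Entries are matched top-down and the list ends in an implicit deny,
! so whatever permit the rest of the policy relies on has to come
! after the deny, not before it (shown here as a permit-all).
access-list inside_access_in permit ip any any
!
! Bind the list inbound on the interface facing the internal hosts.
access-group inside_access_in in interface inside
!
! Verification: the group is expanded into one entry per member,
! each with its own hit counter.
show access-list inside_access_in
```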