Cisco PIX Question

SaigonK

Diamond Member
Aug 13, 2001
Awhile back I had created an object-group to block outgoing access to a set of IP's:


object-group network Tecent
network-object 61.144.238.145 255.255.255.255
network-object 61.144.238.146 255.255.255.255
network-object 202.104.129.251 255.255.255.255
network-object 202.104.129.254 255.255.255.255
network-object 61.141.194.203 255.255.255.255
network-object 202.104.129.252 255.255.255.255
network-object 202.104.129.253 255.255.255.255
network-object 218.17.217.106 255.255.255.255
network-object 219.133.40.95 255.255.255.255
network-object 219.133.40.97 255.255.255.255
network-object 219.133.40.157 255.255.255.255
network-object 219.133.40.177 255.255.255.255
network-object 219.133.40.73 255.255.255.255
network-object 219.133.40.189 255.255.255.255
network-object 218.18.95.153 255.255.255.255
network-object 218.17.209.23 255.255.255.255
network-object 218.17.209.42 255.255.255.255
network-object 219.133.49.6 255.255.255.255
network-object 218.18.95.165 255.255.255.255
network-object 219.133.38.132 255.255.255.255


Now I am getting ready to add my access-list and wanted to see if this might be the best possible way. Here is my intended syntax:

access-list outside_access line 3 deny tcp any any Tecent
access-list outside_access line 3 deny udp any any Tecent

Basically I am looking to block that entire group of IPs from being accessed by my internal hosts...

It looks good to me, but anyone care to comment?
 

Rogue

Banned
Jan 28, 2000
I dislike using groups simply because they confuse an otherwise clean ACL entry. I simply use remark statements and put the ACL entries below that. Groups also expand into their respective single ACL entries once processed by the PIX anyway. Just use the following:

access-list outside_access remark <descriptive text>

Jun 6, 2005
I, on the other hand, find many uses for object groups, and they can be organized to be as clean as or cleaner than straight ACLs.


Yours:
access-list outside_access line 3 deny tcp any any Tecent
access-list outside_access line 3 deny udp any any Tecent

Obviously, specifying the line number indicates that there is a certain point in the ACL where you want to insert these entries. The "any any" portion is the source and destination, where the destination should probably be the object group, if I am reading what you want to do right.


access-list outside_access line 3 deny tcp any object-group Tecent
access-list outside_access line 3 deny udp any object-group Tecent
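To see what the PIX does with those two entries once the group is expanded into single ACEs, here is an added Python model (not from the thread and not Cisco code): it parses a constructed config fragment written with the object-group keyword, expands the group into per-host entries and evaluates a flow first-match. The three sample hosts, the inside source address and the trailing permit are assumptions; the permit is there because a PIX ACL ends in an implicit deny, so deny-only entries would block all other traffic too.

```python
import ipaddress

# Constructed PIX-style config fragment: three hosts from the thread's group, the two
# ACEs with the object-group keyword, and an explicit permit so other traffic still flows.
CONFIG = """
object-group network Tecent
 network-object 61.144.238.145 255.255.255.255
 network-object 202.104.129.251 255.255.255.255
 network-object 219.133.40.95 255.255.255.255
access-list outside_access deny tcp any object-group Tecent
access-list outside_access deny udp any object-group Tecent
access-list outside_access permit ip any any
"""

ANY = ipaddress.ip_network("0.0.0.0/0")

def _addr(tok, groups):
    """Consume one address operand; return (list of networks, remaining tokens)."""
    if tok[0] == "any":
        return [ANY], tok[1:]
    if tok[0] == "object-group":
        return list(groups[tok[1]]), tok[2:]
    return [ipaddress.ip_network(f"{tok[0]}/{tok[1]}")], tok[2:]   # addr mask

def expand(config):
    """Parse the config and expand group references into per-host ACEs, as the PIX does."""
    groups, acls, current = {}, {}, None
    for line in config.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[:2] == ["object-group", "network"]:
            current = groups.setdefault(tok[2], [])
        elif tok[0] == "network-object":
            current.append(ipaddress.ip_network(f"{tok[1]}/{tok[2]}"))
        elif tok[0] == "access-list":
            name, action, proto = tok[1], tok[2], tok[3]
            srcs, rest = _addr(tok[4:], groups)
            dsts, _ = _addr(rest, groups)
            acls.setdefault(name, []).extend(
                (action, proto, s, d) for s in srcs for d in dsts)
    return acls

def evaluate(acl, proto, src, dst):
    """First-match evaluation; a flow matching no ACE hits the PIX's implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, p, s, d in acl:
        if p in (proto, "ip") and src in s and dst in d:
            return action
    return "deny"
```

Dropping the final permit (see the last assertion idea) shows why an ACL built only of deny entries cuts off everything else once it is bound to the inside interface.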
 