0 Replies Latest reply on Jun 18, 2018 8:16 PM by halplease

    Allow Group of IPs through PFs

    halplease New Member

      I am using a Netvanta 3448 on Firmware R12.3.3.E.

      Is there any way to allow a group of IPs through Port Forwards that are translated to user-specified ports?

      I know you can go through and add every allowed IP individually to the specific ACL, such as:

      ip access-list extended web-acl-8
        remark http to switch
        permit tcp xx.xxx.xxx.55 0.0.0.31 any eq 999 log
        permit tcp xx.xxx.xx.44 0.0.0.15 any eq 999 log
        permit tcp xx.x.xxx.33 0.0.0.3 any eq 999 log
        permit tcp xx.x.xxx.222 0.0.0.3 any eq 999 log

      Then add a nat destination rule to the Public policy class:

      ip policy-class Public
        nat destination list web-acl-8 address 10.10.10.3 port 80

      But is there any way to create an ACL of allowed IPs and then reference that list from a port-forward ACL that can be added to the Public policy class? For example:

      ip access-list extended ALLOWED
        permit ip xx.xxx.xxx.55 0.0.0.31 any
        permit ip xx.xxx.xx.44 0.0.0.15 any
        permit ip xx.x.xxx.33 0.0.0.3 any
        permit ip xxx.xxx.x.222 0.0.0.3 any

      ip access-list extended web-acl-8
        remark http to switch
        permit tcp list ALLOWED any eq 999 log

      ip policy-class Public
        nat destination list web-acl-8 address 10.10.10.3 port 80

      ^^^Just an example. Not a possible config.

      I would like to do this so that I don't have to manually add the same IPs over and over to different Port Forwards.
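As the post notes, the nested-list form (`permit tcp list ALLOWED ...`) is not a valid config, so the practical workaround is to keep the allow-list in one place and generate each port-forward ACL from it, then paste the output into the router. The Python script below is an added example, not part of the original post and not ADTRAN tooling; it assumes only the `ip access-list extended` and `nat destination list ... address ... port ...` syntax shown above, and the names `Forward`, `parse_source`, `acl_lines`, `policy_lines` and `build_config` are its own. The addresses are constructed documentation-range values standing in for the redacted ones, and the second forward (`ssh-acl-9`) is hypothetical. One check worth having in such a generator: wildcard matching is bitwise, so an entry written as `.55 0.0.0.31` describes the same 32-address block as `.32 0.0.0.31`; the script emits the block boundary and warns when it had to move an address, so the operator can confirm that the whole block, not just the one host, was intended.

```python
"""Generate per-port-forward ACLs from one shared allow-list.

Added example for the question above (not from the original post); it
assumes the AOS-style ACL and 'nat destination list' syntax shown there.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Forward:
    """One port forward: the ACL that gates it and where it translates to."""
    acl: str          # ACL name referenced by the nat destination rule
    remark: str
    public_port: int  # port clients connect to on the public side
    inside_addr: str  # host the connection is translated to
    inside_port: int  # port on that host


def valid_wildcard(wc: str) -> bool:
    """A wildcard mask must be a contiguous run of low-order one bits (2**k - 1)."""
    n = int(ipaddress.IPv4Address(wc))
    return n & (n + 1) == 0


def parse_source(src: str) -> tuple[ipaddress.IPv4Network, bool]:
    """Accept 'addr wildcard' (as typed in an ACL) or CIDR notation.

    Returns the network and whether the given address had to be moved to the
    block boundary. Wildcard matching is bitwise, so '203.0.113.55 0.0.0.31'
    and '203.0.113.32 0.0.0.31' cover the same 32 addresses; flagging the
    move lets the operator confirm that range was really intended.
    """
    if "/" in src:
        given = ipaddress.IPv4Address(src.split("/")[0])
        net = ipaddress.ip_network(src, strict=False)
    else:
        addr, wc = src.split()
        if not valid_wildcard(wc):
            raise ValueError(f"non-contiguous wildcard mask {wc!r} in {src!r}")
        given = ipaddress.IPv4Address(addr)
        prefix = 32 - int(ipaddress.IPv4Address(wc)).bit_length()
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return net, net.network_address != given


def acl_lines(fwd: Forward, sources: list[str], log: bool = True) -> tuple[list[str], list[str]]:
    """Render one ACL: the shared allow-list, restricted to this forward's public port."""
    lines = [f"ip access-list extended {fwd.acl}", f"  remark {fwd.remark}"]
    warnings: list[str] = []
    for src in sources:
        net, moved = parse_source(src)
        entry = f"  permit tcp {net.network_address} {net.hostmask} any eq {fwd.public_port}"
        lines.append(entry + (" log" if log else ""))
        if moved:
            warnings.append(f"{fwd.acl}: {src!r} is not on a block boundary; "
                            f"emitted as {net.network_address} {net.hostmask}")
    return lines, warnings


def policy_lines(forwards: list[Forward], policy: str = "Public") -> list[str]:
    """One nat destination rule per forward, all under the same policy class."""
    lines = [f"ip policy-class {policy}"]
    for f in forwards:
        lines.append(f"  nat destination list {f.acl} address {f.inside_addr} port {f.inside_port}")
    return lines


def build_config(forwards: list[Forward], sources: list[str], policy: str = "Public") -> tuple[str, list[str]]:
    """Full paste-able fragment: every ACL, then the policy class that references them."""
    config: list[str] = []
    warnings: list[str] = []
    for f in forwards:
        acl, w = acl_lines(f, sources)
        config += acl + [""]
        warnings += w
    config += policy_lines(forwards, policy)
    return "\n".join(config), warnings


# Constructed sample input (documentation ranges), standing in for the redacted addresses.
ALLOWED = [
    "203.0.113.55 0.0.0.31",   # off-boundary: actually matches .32-.63, gets flagged
    "198.51.100.32 0.0.0.15",
    "192.0.2.220/30",
    "192.0.2.10 0.0.0.0",      # a single host
]
FORWARDS = [
    Forward("web-acl-8", "http to switch", 999, "10.10.10.3", 80),
    Forward("ssh-acl-9", "ssh to switch", 2222, "10.10.10.3", 22),  # hypothetical second forward
]

if __name__ == "__main__":
    cfg, warns = build_config(FORWARDS, ALLOWED)
    print(cfg)
    for w in warns:
        print("# WARNING:", w)
```

Adding a new port forward is then one `Forward(...)` entry, and adding or removing an allowed source is one change to `ALLOWED` followed by regenerating and re-pasting every ACL, which is the "one list, many forwards" behaviour the question is after. The generator deliberately stays in the address-plus-wildcard form the post already uses rather than introducing other keywords, so the output matches what the router is known to accept.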