1.1.13 host 209.165.201.2 eq www
access-list 101 deny tcp host 10.1.1.15 host 209.165.201.1 eq www
access-list 101 deny tcp host 10.1.1.15 host 209.165.201.2 eq www
access-list 101 deny tcp 10.1.2.0 255.255.255.0 host 209.165.201.1 eq www
access-list 101 deny tcp 10.1.2.0 255.255.255.0 host 209.165.201.2 eq www
access-list 101 deny tcp 10.1.5.0 255.255.255.0 host 209.165.201.1 eq www
access-list 101 deny tcp 10.1.5.0 255.255.255.0 host 209.165.201.2 eq www
access-list 101 permit ip any any
Example 6-23 shows creating two network-type object groups named denyhosts that include the host and
network addresses used in the source address parameter and object group named webserver, which defines
the two web servers used in the destination address parameter.
Example 6-23. Configuring Object Groups
! Define Network Object Group denyhosts
hostname(config)# object-group network denyhosts
hostname(config-network)# description Deny Addresses
hostname(config-network)# network-object host 10.1.1.13
hostname(config-network)# network-object host 10.1.1.15
hostname(config-network)# network-object host 10.1.1.52
hostname(config-network)# network-object 10.1.2.0 255.255.255.0
hostname(config-network)# network-object 10.
Pages:
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315