halplease
New Contributor

Allow Group of IPs through PFs

I am using a Netvanta 3448 on Firmware R12.3.3.E.

Is there any way to allow a group of IPs through Port Forwards that are translated to user-specified ports?

I know you can go through and add every allowed IP individually to the specific ACL, such as:

ip access-list extended web-acl-8
  remark http to switch
  permit tcp xx.xxx.xxx.55 0.0.0.31 any eq 999 log
  permit tcp xx.xxx.xx.44 0.0.0.15 any eq 999 log
  permit tcp xx.x.xxx.33 0.0.0.3 any eq 999 log
  permit tcp xx.x.xxx.222 0.0.0.3 any eq 999 log

Then add a nat destination rule to the Public policy class:

ip policy-class Public
  nat destination list web-acl-8 address 10.10.10.3 port 80

But is there any way to create an ACL with allowed IPs and then add this list to a Port Forward ACL that can be added to the Public policy class? For example:

ip access-list extended ALLOWED
  permit ip xx.xxx.xxx.55 0.0.0.31 any
  permit ip xx.xxx.xx.44 0.0.0.15 any
  permit ip xx.x.xxx.33 0.0.0.3 any
  permit ip xxx.xxx.x.222 0.0.0.3 any

ip access-list extended web-acl-8
  remark http to switch
  permit tcp list ALLOWED any eq 999 log

ip policy-class Public
  nat destination list web-acl-8 address 10.10.10.3 port 80

^^^Just an example. Not a possible config.

I would like to do this so that I don't have to manually add the same IPs over and over to different Port Forwards.

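The post itself gives no way to reference one ACL from inside another, so one practical workaround is to keep the allow-list in one place and generate the repeated per-forward ACL entries from it. The script below is an added example, not the poster's configuration or an Adtran tool; the source networks are constructed documentation-range placeholders, and the emitted lines mirror the AOS command forms shown in the post (wildcard-mask sources, `eq <port> log`, `nat destination list`).

```python
import ipaddress

# Constructed sample allow-list (RFC 5737 documentation ranges, not the poster's addresses).
ALLOWED_SOURCES = ["198.51.100.32/27", "198.51.100.64/28", "203.0.113.32/30"]

# Constructed port forwards: (acl_name, external_port, internal_address, internal_port).
# The one shown in the post: external 999 -> 10.10.10.3:80.
PORT_FORWARDS = [("web-acl-8", 999, "10.10.10.3", 80)]


def wildcard(network: str) -> str:
    """Render a CIDR network as 'address wildcard', e.g. /27 -> '... 0.0.0.31'."""
    net = ipaddress.ip_network(network, strict=True)  # rejects host bits set in the prefix
    return f"{net.network_address} {net.hostmask}"


def acl_lines(acl_name: str, ext_port: int, remark: str, sources) -> list:
    """One extended ACL with a permit entry per allowed source network."""
    lines = [f"ip access-list extended {acl_name}", f"  remark {remark}"]
    for src in sources:
        lines.append(f"  permit tcp {wildcard(src)} any eq {ext_port} log")
    return lines


def policy_lines(forwards, policy_class: str = "Public") -> list:
    """One nat destination entry per forward under the given policy class."""
    lines = [f"ip policy-class {policy_class}"]
    for acl_name, _ext_port, int_addr, int_port in forwards:
        lines.append(f"  nat destination list {acl_name} address {int_addr} port {int_port}")
    return lines


def render(sources, forwards, policy_class: str = "Public") -> str:
    """Full config fragment: every forward's ACL from the same allow-list, then the policy class."""
    out = []
    for acl_name, ext_port, int_addr, int_port in forwards:
        out += acl_lines(acl_name, ext_port, f"port {ext_port} to {int_addr}:{int_port}", sources)
    out += policy_lines(forwards, policy_class)
    return "\n".join(out)


if __name__ == "__main__":
    print(render(ALLOWED_SOURCES, PORT_FORWARDS))
```

Adding a second forward to PORT_FORWARDS regenerates a complete ACL for it from the same ALLOWED_SOURCES, so an address is added or removed in exactly one place.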