How to select a range of NOT private networks in cisco ASA?

S

Sergey2015-11-12 12:59:01

Cisco

Sergey, 2015-11-12 12:59:01

I am writing under the article Setting up monitoring and QoS on cisco ASA limiting the speed of Internet access for users.
But in the article all speed is limited in general. Not only on the Internet, but also on the local network.
It is necessary to limit access only to the Internet.
How to select the range of all networks except private?
If private I can collect in a group, then how to collect NOT private?

object network 10.0.0.0
 subnet 10.0.0.0 255.0.0.0
object network 172.16.0.0
 subnet 172.16.0.0 255.240.0.0
object network 192.168.0.0
 subnet 192.168.0.0 255.255.0.0
object-group network RFC1918
 network-object object 10.0.0.0
 network-object object 172.16.0.0
 network-object object 192.168.0.0

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

K

Karroplan, 2015-11-12
@Karroplan

Usually, Internet access occurs through a separate interface. Like, Gi0 / 0 - to the Internet, Gi0 / 1 - to the local network, Gi0 / 2 towards the WAN of our company. Therefore, it makes no sense to do some kind of filter by subnets. you just make a shaper for the entire interface towards the Internet and that's it.