https://community.cisco.com/t5/network-security/using-different-service-port-in-access-rules/m-p/3307723#M1064692 <P>Hi,</P> <P>&nbsp;</P> <P>I am configuring an access rule where i have created a service port tcp/udp 3389 and in addition to that i am adding icmp group port (0, 3 and <span class="lia-unicode-emoji" title=":smiling_face_with_sunglasses:">😎</span> but i am getting an error message</P> <P>&nbsp;</P> <P>"service cannot contain services of different types"</P> <P>&nbsp;</P> <P>any advise?</P> <P>&nbsp;</P> <P>thanks</P> <P>MM</P> Fri, 21 Feb 2020 15:05:32 GMT M Mohammed 2020-02-21T15:05:32Z https://community.cisco.com/t5/network-security/using-different-service-port-in-access-rules/m-p/3307723#M1064692 <P>Hi,</P> <P>&nbsp;</P> <P>I am configuring an access rule where i have created a service port tcp/udp 3389 and in addition to that i am adding icmp group port (0, 3 and <span class="lia-unicode-emoji" title=":smiling_face_with_sunglasses:">😎</span> but i am getting an error message</P> <P>&nbsp;</P> <P>"service cannot contain services of different types"</P> <P>&nbsp;</P> <P>any advise?</P> <P>&nbsp;</P> <P>thanks</P> <P>MM</P> Fri, 21 Feb 2020 15:05:32 GMT https://community.cisco.com/t5/network-security/using-different-service-port-in-access-rules/m-p/3307723#M1064692 M Mohammed 2020-02-21T15:05:32Z https://community.cisco.com/t5/network-security/using-different-service-port-in-access-rules/m-p/3307780#M1064693 <P>Hi Mohammed,</P> <P>&nbsp;</P> <P>You can not use both tcp and icmp service in same access control entry.</P> <P>You can create seperate objects for tcp and icmp service&nbsp; and can call them in seperate access control entries.</P> <P>Please let me know if you have any concern.</P> <P>&nbsp;</P> <P>The only way out is&nbsp;&nbsp;:-</P> <P>&nbsp;</P> <P class="pB1_Body1">To create a protocol group for TCP, UDP, and ICMP, enter the following commands:</P> <P><A name="wp1079236" target="_blank"></A></P> <SECTION class="pEx1_Example1"> <PRE>hostname (config)# <STRONG class="cKeyword">object-group protocol tcp_udp_icmp </STRONG></PRE> </SECTION> <P><A name="wp1079237" target="_blank"></A></P> <SECTION class="pEx1_Example1"> <PRE>hostname (config-protocol)# <STRONG class="cKeyword">protocol-object tcp </STRONG></PRE> </SECTION> <P><A name="wp1079254" target="_blank"></A></P> <SECTION class="pEx1_Example1"> <PRE>hostname (config-protocol)# <STRONG class="cKeyword">protocol-object udp </STRONG></PRE> </SECTION> <P><A name="wp1079259" target="_blank"></A></P> <SECTION class="pEx1_Example1"> <PRE>hostname (config-protocol)# <STRONG class="cKeyword">protocol-object icmp</STRONG></PRE> </SECTION> <P>and then use this protocol object in ACL.</P> <P>&nbsp;</P> <P>For detailed info please refer to below link: -</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/objectgroups.html#wp1098519" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/objectgroups.html#wp1098519</A></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Please mark this post as post as helpful and accept it as solution if it resolves your concern.</P> <P>&nbsp;</P> <P>BR</P> <P>shivdube</P> <P>EX-CISCO TAC Engg</P> Mon, 08 Jan 2018 14:17:05 GMT https://community.cisco.com/t5/network-security/using-different-service-port-in-access-rules/m-p/3307780#M1064693 er.shivamdubey31190 2018-01-08T14:17:05Z